2

I am using the below API

https://bitbucket.org/site/oauth2/authorize?client_id={client_id}&response_type=token

to get an access_token, but the access_token expires in 1 hour and I need a refresh_token, but I am not able to get a refresh_token in the above API's response. The response of the above API is

https://www.example.com/#access_token={access_token}&scopes={scopes}&expires_in=3600&token_type=bearer

You can see in above response there is no Or is there any other way to get refresh_token.

I wanted to call the above API as a GET method.

Can someone please help?

Thank You!

Deepak Kumbhar

3 Answers

7

In your browser go to

https://bitbucket.org/site/oauth2/authorize?client_id={client_id}&response_type=code

Authorize using your Bitbucket account.

After that, your browser will be redirected to

{your_redirect_link}/?code={code}

Use the code to make another request in a terminal:

curl -X POST -u "{client_id}:{secret}" https://bitbucket.org/site/oauth2/access_token -d grant_type=authorization_code -d code={code}

The response will look like this:

{
  "access_token": "some_long_string",
  "scopes": "team webhook account issue wiki pipeline pullrequest project snippet",
  "expires_in": 7200,
  "refresh_token": "the_string_you_need",
  "token_type": "bearer"
}

Now you can refresh the access_token with a request:

curl -X POST -u "{client_id}:{secret}" https://bitbucket.org/site/oauth2/access_token -d grant_type=refresh_token -d refresh_token={refresh_token}

Peter
2

EDIT: please note, after a revisit to this issue, I have to say my initial "solution" below is incorrect. Petr's solution above is more appropriate. Apologies if I caused any confusion.


I was just precisely facing this very question, thanks for entering it in SO!

Better yet, I just found the solution: You need to make a request for grant_type=client_credentials:

curl -X POST -u "your_client_id:your_secret" \
     https://bitbucket.org/site/oauth2/access_token \
     -d grant_type=client_credentials

The refresh token will be included in the reply:

{
    "access_token": "the_access_token",
    "expires_in": 3600,
    "refresh_token": "the_refresh_token",
    "scopes": "....",
    "token_type": "bearer"
}

Note that, regarding the refresh token itself, you need to make this request only once according to this comment from an Atlassian team member:

... refresh tokens do not expire. [...] Access tokens expire as per the spec, refresh tokens do not expire.

carueda
  • Thanks for your reply. This solution I have found already but the thing is I wanted to use this with REST client instead of CURL. Do you have any idea regarding this? – Deepak Kumbhar Mar 09 '18 at 04:50
  • Sorry, your "How to get bitbucket's refresh_token?" is what the indicated solution is about. If the actual question is how to use it to retrieve a "refreshed" **access token**: As explained at https://developer.atlassian.com/cloud/bitbucket/oauth-2/ this needs to be via a POST request to `https://bitbucket.org/site/oauth2/access_token` with basic authentication (using your client_id and secret), and form parameters: `grant_type=refresh_token` and `refresh_token=`. Consult your "REST client" doc to see how to make such a request (or indicate what language/env you are using). – carueda Mar 09 '18 at 06:12
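
The authorization-code exchange and the refresh request described in the answers and comment above, written without curl as an added Python example (not code from the original posts). The names `token_request`, `code_from_redirect` and `TokenStore` are hypothetical, the sample response is constructed from the shape shown in the first answer, and the requests are built but not sent.

```python
import base64
import json
import time
from urllib.parse import parse_qs, urlencode, urlsplit
from urllib.request import Request

TOKEN_URL = "https://bitbucket.org/site/oauth2/access_token"  # endpoint from the answers

# Constructed sample: the token response shape shown in the first answer.
SAMPLE_RESPONSE = ('{"access_token": "some_long_string", "expires_in": 7200, '
                   '"refresh_token": "the_string_you_need", "token_type": "bearer"}')


def token_request(client_id, secret, **form):
    """Build (without sending) the POST that the curl commands issue."""
    basic = base64.b64encode(f"{client_id}:{secret}".encode()).decode()
    headers = {"Authorization": f"Basic {basic}",
               "Content-Type": "application/x-www-form-urlencoded"}
    return Request(TOKEN_URL, data=urlencode(form).encode(), headers=headers, method="POST")


def code_from_redirect(url):
    """Return the ?code= value; reject an implicit-grant (#access_token=) redirect."""
    parts = urlsplit(url)
    if "access_token" in parse_qs(parts.fragment):
        raise ValueError("implicit grant redirect: it carries no refresh_token")
    codes = parse_qs(parts.query).get("code")
    if not codes:
        raise ValueError("redirect has no authorization code")
    return codes[0]


class TokenStore:
    """Hypothetical holder for one token response; tracks when to refresh."""

    def __init__(self, response_json, now=None):
        token = json.loads(response_json)
        issued = time.time() if now is None else now
        self.access_token = token["access_token"]
        self.refresh_token = token.get("refresh_token")  # absent for implicit/JWT grants
        self.expires_at = issued + token["expires_in"]

    def needs_refresh(self, now=None, skew=60):
        """True once the access token is within `skew` seconds of expiry."""
        return (time.time() if now is None else now) >= self.expires_at - skew

    def refresh_request(self, client_id, secret):
        if not self.refresh_token:
            raise ValueError("no refresh_token: use the authorization code grant first")
        return token_request(client_id, secret, grant_type="refresh_token",
                             refresh_token=self.refresh_token)
```

Each returned `Request` can be sent with `urllib.request.urlopen`. Load the client secret from server-side configuration such as an environment variable rather than embedding it in browser code or a command line.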
0

I found a solution. I was using browser-based operations without server-side back-end support. In the Atlassian doc they mention that Implicit and JWT are excluded from refresh_tokens. If you want a refresh_token as well, then you need to use the Authorization Code Grant first.

Deepak Kumbhar