Once your remote backend has received a request from Forge, you can use the app system token or app user token to perform git operations over HTTPS against Bitbucket repositories.
When setting up your app to:
You’ll need one of the following in your manifest.yml
:
endpoint.auth.appSystemToken
set to true
endpoint.auth.appUserToken
set to true
Which one you need depends on whether you want to access product APIs as a generic bot user (appSystemToken
) or the current user’s permission (appUserToken
).
This ensures requests to your remote contain an x-forge-oauth-system
or x-forge-oauth-user
header, containing a token
you can use to perform git operations over HTTPS against Bitbucket repositories.
Your app must also request the read:repository:bitbucket
scope for operations such as git clone
, and the write:repository:bitbucket
scope for git push
.
This can be done by including them in the permissions section of your app's manifest.yml
file.
Both of these tokens are encoded in JWT. The exp
claim in their payload represents the expiration time.
Once you’ve got your token, you can use it as the basic auth credentials in the URL of the git over HTTPS operation, with x-token-auth
as a substitute for username.
The git operation will fail if the app does not have the correct scope, or if the app or user does not have the appropriate permission to the repo.
Example:
Git clone using app system token as the credential:
1 2git clone https://x-token-auth:{x-forge-oauth-system token}@bitbucket.org/{workspace}/{repository}.git
Git push using app user token as the credential:
1 2git push --repo https://x-token-auth:{x-forge-oauth-user token}@bitbucket.org/{workspace}/{repository}.git
For further help, see how you can:
Rate this page: