Converting OAuth 1 Credentials to OAuth 2 Credentials

Hi there,

given the upcoming deprecation of the V1 API, does that include deprecation of the old V1 credentials (OAuth Token, OAuth Token Secret) or will these continue to work with the V2 APIs as they do now?

If these will stop working, do you provide an endpoint for converting these old - but still valid - credentials to Refresh token under the new OAuth 2 scheme without requiring user interaction and thus service disruptions?

Thank you!

Hi @schmittjoh,
Sorry for the long delay. The OAuth1 functionality has been deprecated for a long time, so you should migrate as soon as possible.

There is an endpoint to swap an OAuth1 token for an OAuth2 token. Here is a curl command demonstrating the request:

$ curl -s  https://bitbucket.org/site/oauth2/access_token \
  -d grant_type=urn:bitbucket:oauth1:access_token \
  -d client_id={client_id} \
  -d client_secret={client_secret}t \
  -d oauth1_access_token={oauth1_access_token}

…and the corresponding response:

{
  "access_token": "{oath2_access_token}",
  "scopes": "{scopes}",
  "expires_in": 3600,
  "refresh_token": "{refresh_token}",
  "token_type": "bearer"
}

You will need to ensure that your OAuth consumer has a callback url configured. This was optional for OAuth1, but is required for all OAuth2 clients. Otherwise you’ll get an error like this:

{"error_description": "No callback uri defined for the OAuth client.", "error": "invalid_request"} 

Please let me know if you have any further questions.

Eric

2 Likes