Social Connect - Bitbucket - Access Token expires immediately

ilqarilyasov · July 25, 2019, 7:48pm

Hi,

I have working on an iOS application and we want to access user repositories, download it to phone then make some changes and push it back. All of those were working with a hard coded user account credentials. Lately I’ve implemented Auth0 for login/authentication.

This is the code for Auth0 part:

Auth0
.webAuth()
.scope("openid profile email offline_access account repository:admin")
.audience("https://" + clientInfo.domain + "/userinfo")
.start {
switch $0 {
case .success(let credentials):
guard let accessToken = credentials.accessToken,
let refreshToken = credentials.refreshToken else { return }
                SensitiveInfoManager.shared.keychain.setString(accessToken, forKey: .accessToken)
                SensitiveInfoManager.shared.keychain.setString(refreshToken, forKey: .refreshToken)
                
                DispatchQueue.main.async {
                    let main = UIStoryboard(name: "Main", bundle: nil)
                    let tabbar = main.instantiateInitialViewController()
                    self.present(tabbar!, animated: true, completion: nil)
                }
                
            case .failure(let error):
                NSLog("Error authenticating user: \(error)")
                SensitiveInfoManager.shared.keychain.clearAll()
            }
    }

After saving access token I’m using to GET user information. But access token expires immediately. I’m getting 401 “Access token expired. Use your refresh token to obtain a new access token.”

This is Bitbucket’s documentation for OAuth https://developer.atlassian.com/bitbucket/api/2/reference/meta/authentication

jmangelo · July 30, 2019, 7:27am

The content of the error message may be misleading; if you are performing authentication through Auth0 the access token you will get in the response is an Auth0 issued access token.

From your description I’m not certain if that is the case, but if you’re using that access token to call BitBucket API’s then the error is expected because that access token is not meant for BitBucket. It’s true that if the end-user authenticated through BitBucket there was an access token issued by BitBucket, but that one is not surfaced by default to the application. There’s reference information about this at (Identity Provider Access Tokens).

If on the other hand you’re calling the user information endpoint in Auth0 tenant and the access token you obtained is immediately invalid then this would require further review.

ilqarilyasov · July 30, 2019, 12:18pm

Hey @jmangelo thank you for getting back to me. I solved this issue by deleting Auth0 framework. When I follow BitBucket’s instructions implement my own code without using Auth0 everything works very well.

It looks like access token provided by Auth0 doesn’t expire immediately but it’s not valid. I thought maybe access token provided by Auth0 is not an actual access token, maybe it’s a code. And I tried to swap it for an access token, but that didn’t work either.

Topic		Replies	Views
Bitbucket token renewal Help	2	2819	January 9, 2020
The access token expired and a refresh token is not available. The user will need to sign in again. What now? Help auth0 , refresh-tokens , access-token	14	16488	January 25, 2024
Manage & refresh refresh /access tokens for identity providers in Auth0 Help management-api , connections-management-api	1	1133	November 7, 2024
Expired Access Token in /userinfo request [auth0-java] Help userinfo , access-token , auth0-java , token-expiration	7	4493	December 14, 2020
How to update the access_token with new one if existing one expired Help user-profile , user-management	0	14	July 29, 2024

Social Connect - Bitbucket - Access Token expires immediately

Related topics