Social Connect - Bitbucket - Access Token expires immediately

Hi,

I have been working on an iOS application and we want to access user repositories, download them to the phone, then make some changes and push them back. All of that was working with hard-coded user account credentials. Lately I’ve implemented Auth0 for login/authentication.

This is the code for Auth0 part:

    Auth0
        .webAuth()
        .scope("openid profile email offline_access account repository:admin")
        .audience("https://" + clientInfo.domain + "/userinfo")
        .start {
            switch $0 {
            case .success(let credentials):
                guard let accessToken = credentials.accessToken,
                    let refreshToken = credentials.refreshToken else { return }
                // Store the returned tokens in the keychain
                SensitiveInfoManager.shared.keychain.setString(accessToken, forKey: .accessToken)
                SensitiveInfoManager.shared.keychain.setString(refreshToken, forKey: .refreshToken)

                // Present the main tab bar on the main thread
                DispatchQueue.main.async {
                    let main = UIStoryboard(name: "Main", bundle: nil)
                    let tabbar = main.instantiateInitialViewController()
                    self.present(tabbar!, animated: true, completion: nil)
                }

            case .failure(let error):
                NSLog("Error authenticating user: \(error)")
                // Remove any stored secrets when authentication fails
                SensitiveInfoManager.shared.keychain.clearAll()
            }
        }

After saving the access token, I’m using it to GET user information. But the access token expires immediately. I’m getting 401 “Access token expired. Use your refresh token to obtain a new access token.”

This is Bitbucket’s documentation for OAuth https://developer.atlassian.com/bitbucket/api/2/reference/meta/authentication

The content of the error message may be misleading; if you are performing authentication through Auth0 the access token you will get in the response is an Auth0 issued access token.

From your description I’m not certain if that is the case, but if you’re using that access token to call BitBucket APIs then the error is expected because that access token is not meant for BitBucket. It’s true that if the end-user authenticated through BitBucket there was an access token issued by BitBucket, but that one is not surfaced by default to the application. There’s reference information about this at (Identity Provider Access Tokens).

If, on the other hand, you’re calling the user information endpoint in the Auth0 tenant and the access token you obtained is immediately invalid, then this would require further review.
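As an added illustration of the answer above (not part of the original thread and not Auth0's own code): the provider-issued token is stored on the user's profile and is read server-side through the Auth0 Management API (`GET /api/v2/users/{id}`), using a Management API token that carries the `read:user_idp_tokens` scope. The tenant domain, user id, provider name `bitbucket` and the sample profile are constructed assumptions.

```python
import json
import urllib.parse
import urllib.request


class IdpTokenUnavailable(Exception):
    """The profile carries no usable token for the requested provider."""


def build_user_request(domain, user_id, mgmt_token):
    # Auth0 user ids look like "bitbucket|1234"; the "|" must be percent-encoded.
    url = "https://%s/api/v2/users/%s" % (domain, urllib.parse.quote(user_id, safe=""))
    return urllib.request.Request(url, headers={"Authorization": "Bearer " + mgmt_token})


def idp_access_token(profile, provider="bitbucket"):
    """Pick the provider-issued access token out of a Management API user profile."""
    for identity in profile.get("identities", []):
        if identity.get("provider") != provider:
            continue
        token = identity.get("access_token")
        if not token:
            # The identity exists but the token was withheld from the response.
            raise IdpTokenUnavailable(
                "no access_token on the %s identity; this typically means the "
                "Management API token lacks read:user_idp_tokens" % provider)
        return token
    raise IdpTokenUnavailable("user has no %s identity" % provider)


def fetch_idp_access_token(domain, user_id, mgmt_token, provider="bitbucket"):
    # Network call. Run it on a backend: the Management API token must never
    # be embedded in the mobile app.
    req = build_user_request(domain, user_id, mgmt_token)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return idp_access_token(json.load(resp), provider)


# Constructed sample profile, shaped like a Management API user object.
SAMPLE_PROFILE = {
    "user_id": "bitbucket|1234",
    "identities": [
        {"provider": "bitbucket", "connection": "bitbucket",
         "user_id": "1234", "access_token": "constructed-bitbucket-token"},
    ],
}

if __name__ == "__main__":
    print(idp_access_token(SAMPLE_PROFILE))
```

The token returned here is the one intended for the provider's API; the access token the app receives from the login flow is issued by Auth0 and is only valid for the audience it was requested for.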

Hey @jmangelo, thank you for getting back to me. I solved this issue by deleting the Auth0 framework. When I follow BitBucket’s instructions and implement my own code without using Auth0, everything works very well.

It looks like the access token provided by Auth0 doesn’t expire immediately, but it’s not valid. I thought maybe the access token provided by Auth0 is not an actual access token, maybe it’s a code. And I tried to swap it for an access token, but that didn’t work either.