Bitbucket API - Unable to Generate Access Token from JWT

Question

I'm using Bitbucket Connect App and getting JWT token from webhook event. When I am using the latest JWT to get access token, the access token API returning blank in response.

API:

curl -X POST -H "Authorization: JWT {jwt_token}" \ https://bitbucket.org/site/oauth2/access_token \ -d grant_type=urn:bitbucket:oauth2:jwt

Example:

curl -X POST -H "Authorization: JWT ey*****XVCJ9.eyJpc3MiOi****asdfQ.**BBD**" \
  https://bitbucket.org/site/oauth2/access_token \
  -d grant_type=urn:bitbucket:oauth2:jwt

Response

{blank}

API Reference:

https://developer.atlassian.com/cloud/bitbucket/oauth-2/

Thanks

Answer 1

I followed this documentation to generate Access Token and it worked. https://pawelniewiadomski.com/2016/06/06/building-bitbucket-add-on-in-rails-part-7/

Most of the Part for generating access token using Bitbucket Cloud API

def get_access_token
  unless current_jwt_auth
    raise 'Missing Authentication context'
  end

  # Expiry for the JWT token is 3 minutes from now
  issued_at = Time.now.utc.to_i
  expires_at = issued_at + 180

  jwt = JWT.encode({
                       iat: issued_at,
                       exp: expires_at,
                       iss: current_jwt_auth.addon_key,
                       sub: current_jwt_auth.client_key
                   }, current_jwt_auth.shared_secret)

  response = HTTParty.post("#{current_jwt_auth.base_url}/site/oauth2/access_token", {
      body: {grant_type: 'urn:bitbucket:oauth2:jwt'},
      headers: {
          'Content-Type' => 'application/x-www-form-urlencoded',
          'Authorization' => 'JWT ' + jwt
      }
  })

  if response.code == 200
    Response.new(200, response.parsed_response)
  else
    Response.new(response.code)
  end
end

Answer 2

I had the same problem until I added the sub key to the payload. Set the value to the value received in clientKey during the app installation lifeycle event.