permission denied for `http://example.com/rest/api/1.0/projects/{projectKey}/repos/{repositorySlug}`
noel-yap opened this issue · comments
When trying to access http://example.com/rest/api/1.0/projects/{projectKey}/repos/{repositorySlug}
, the following error is hit:
{"errors":[{"context":null,"message":"You are not permitted to access this resource","exceptionName":"com.atlassian.bitbucket.AuthorisationException"}]}
Yes we have this same issue. I have confirmed that this REST API works with basic authentication. We have given full access to the token authenticator plugin.
# Basic auth succeeds
$ curl -X GET --user $USER:$PASSWORD $CURL_HEADERS https://example.com/rest/api/1.0/projects/PROJ/repos/REPO
{"slug":...}
# Token auth fails
$ curl -X GET -H "X-Auth-User:$USER" -H "X-Auth-Token:$TOKEN" $CURL_HEADERS https://example.com/rest/api/1.0/projects/PROJ/repos/REPO
{"errors":[{"context":null,"message":"You are not permitted to access this resource","exceptionName":"com.atlassian.bitbucket.AuthorisationException"}]}
I have further found that the PUT and DELETE requests for the above GET commands also fail with the token auth and succeeds with the basic auth.
# Move repository to a different project
$ curl -X PUT --user $USER:$PASSWORD $CURL_HEADERS --data '{"project":{"key":"NEW_PROJ"}}' https://example.com/rest/api/1.0/projects/PROJ/repos/REPO
# Delete repository
$ curl -X DELETE --user $USER:$PASSWORD $CURL_HEADERS https://example.com/rest/api/1.0/projects/PROJ/repos/REPO
This has been resolved with the PR merged in December 2016. This should be closed.
@njalerikson which version of plugin has the fix for above issue?
Recently we installed this plugin and came across same issue.
@jerinmathew82 looking at the release dates (https://marketplace.atlassian.com/plugins/com.thundermoose.plugins.stash-token-auth/versions) it would seem that v2.1 likely has it
@njalerikson I have V2.2 and I was trying to create/delete a branch (using REST API call) for one of the repo in bitbucket using Token Authentication, it worked fine when I tried from Postman. But getting “(401) Unauthorized” error when I tried from PowerShell ISE. Other REST calls like List all branches, Create a Pull Request, Merge Branches etc worked fine from PowerShell ISE. Did you/anyone faced or aware of any permission issue from PowerShell ISE?