Troubleshooting OAuth Requests
OAuth requires you to write your own code and a third-party OAuth library. Our Support resources cannot debug your application code or a third-party OAuth library. This page provides some tips for troubleshooting problems with your OAuth requests.
On this page
Check your Oauth version
Bitbucket supports OAuth 1.0a with HMAC-SHA1 (shared secret) signatures. We support both 3-Legged and 2-Legged OAuth. RSA-SHA1 (the public/private keys feature) is not currently supported.
Check your application server's clock
Make sure your application server's clock is accurate. OAuth requires that timestamps be within five minutes of the Bitbucket server clock. If the timestamp is not within a five minutes either side of the actual current time, the request is rejected.
Test your signature interactively
You should verify your key and secret with some public code.
Review the OAuth library you are utilizing
While there are plenty of great libraries referenced from OAuth.net, not all are created equal and some may not work as expected. For example, the rauth library uses query parameters in the URL by default. We wrote our OAuth implementation specifically with header authentication in mind as the primary authentication method. As a result, rauth calls may fail with Bitbucket if a URL's length exceeds 4094 characters.