Error 500 while accessing Bitbucket Server "Authorized applications" page
Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Summary
Trying to access Bitbucket User profile >> Manage account >> Authorized Applications tab, shows 500 error and a Null Pointer exception is logged.
Diagnosis
The atlassian-bitbucket.log would have the following stack trace:
ERROR [http-nio-7990-exec-2812] @12STDEHx686x8352062x4 qgqnbt 3.120.75.37,10.50.0.103 "GET /mvc/error500 HTTP/1.1" c.a.s.i.web.ErrorPageController There was an unhandled exception loading [/plugins/servlet/oauth/users/access-tokens]
java.lang.NullPointerException: consumer
at com.google.common.base.Preconditions.checkNotNull(Preconditions.java:895)
at com.atlassian.oauth.Token$TokenBuilder.consumer(Token.java:163)
at com.atlassian.oauth.serviceprovider.sal.PluginSettingsServiceProviderTokenStore.get(PluginSettingsServiceProviderTokenStore.java:101)
at com.atlassian.oauth.serviceprovider.sal.PluginSettingsServiceProviderTokenStore$KeyToToken.apply(PluginSettingsServiceProviderTokenStore.java:212)
at com.atlassian.oauth.serviceprovider.sal.PluginSettingsServiceProviderTokenStore$KeyToToken.apply(PluginSettingsServiceProviderTokenStore.java:204)
at com.atlassian.stash.internal.web.auth.BeforeLoginPluginAuthenticationFilter.doFilter(BeforeLoginPluginAuthenticationFilter.java:73)
at com.atlassian.stash.internal.request.DefaultRequestManager.doAsRequest(DefaultRequestManager.java:84)
at com.atlassian.stash.internal.hazelcast.ConfigurableWebFilter.doFilter(ConfigurableWebFilter.java:38)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.lang.Thread.run(Unknown Source)
... 248 frames trimmed- Verify if this issue is occurring only for a particular user.
The Authorized Applications page is only populated after you retrieve Bitbucket Server data (eg. PR, Branch, Commits) from within JIRA. Basically clicking on something in the Development panel of the Jira issue. For example if you click on Commits in the Jira Issue Development panel:
the Authorized Applications page gets this information:
Cause
This issue could be caused due to a corrupted entry in the table where the tokens are stored. The plugin_setting table in the database stores the Application Authorization tokens.
Solution
Solution 1
- Find the key for the Authorized application in the
plugin_settingtable and the 4 rows associated with the specific user. For example in this case we have connected Bitbucket to JIRA.
To do that, connect to the Bitbucket database and run the below query:
SELECT * from plugin_setting where key_name like '%ServiceProviderTokenStore%';This is how the output would look like:
bitbucket_7120=# select * from plugin_setting where key_name like '%ServiceProviderTokenStore%';
namespace | key_name | key_value | id
---------------------------+------------------------------------------------------------------------------------------------------+--------------------------------------------------------+-----
bitbucket.global.settings | com.atlassian.oauth.serviceprovider.ServiceProviderTokenStore.token.Kwe5D78FhvhN7vemKsMn0z63ekuE4iaz | #java.util.Properties +| 129
| | #Wed Aug 25 16:47:59 IST 2021 +|
| | session.handle=fnke86wT3D5wDIHnilNL80r5xh0w6KoP +|
| | token=Kwe5D78FhvhN7vemKsMn0z63ekuE4iaz +|
| | session.timeToLive=160272000000 +|
| | creationTime=1629890279662 +|
| | session.creationTime=1629890279662 +|
| | tokenSecret=uhFYhg9zjgZje8s9GS1z61kCAkKSGOrb +|
| | session.lastRenewalTime=1629890279662 +|
| | authorization=AUTHORIZED +|
| | type=ACCESS +|
| | userName=ajaitly +|
| | consumerKey=jira\:4eb9a749-cf8b-4927-a1d4-174e8a82295d+|
| | timeToLive=157680000000 +|
| | |
bitbucket.global.settings | com.atlassian.oauth.serviceprovider.ServiceProviderTokenStore.userAccessTokens.ajaitly | #java.util.Properties +| 130
| | #Wed Aug 25 16:47:59 IST 2021 +|
| | keys=Kwe5D78FhvhN7vemKsMn0z63ekuE4iaz +|
| | username=ajaitly +|
| | |
bitbucket.global.settings | com.atlassian.oauth.serviceprovider.ServiceProviderTokenStore.tokenKeys | Kwe5D78FhvhN7vemKsMn0z63ekuE4iaz | 127
bitbucket.global.settings | com.atlassian.oauth.serviceprovider.ServiceProviderTokenStore.consum35c23ba8624816b776784919df5bd192 | #java.util.Properties +| 128
| | #Wed Aug 25 16:47:59 IST 2021 +|
| | keys=Kwe5D78FhvhN7vemKsMn0z63ekuE4iaz +|
| | consumerKey=jira\:4eb9a749-cf8b-4927-a1d4-174e8a82295d+|
| | |
(4 rows)You can delete your user Access Token using the following query:
DELETE from plugin_setting where key_name = 'com.atlassian.oauth.serviceprovider.ServiceProviderTokenStore.userAccessTokens.<Bitbucket username>';for example:
DELETE from plugin_setting where key_name = 'com.atlassian.oauth.serviceprovider.ServiceProviderTokenStore.userAccessTokens.ajaitly';Solution 2
If there are multiple tokens, you can use this query instead:
SELECT * FROM plugin_setting WHERE key_value like '%G7jz2M7y6YujwiKUiiAV8p7wvMS8R00j/Vt1uij63HFFpj9DqLxrkojrP3imWbMYB/Fp5E8Wvzgf8oQzzjrkP48xIYuVjmrucl%'and then delete them:
DELETE FROM plugin_setting WHERE key_value like '%G7jz2M7y6YujwiKUiiAV8p7wvMS8R00j/Vt1uij63HFFpj9DqLxrkojrP3imWbMYB/Fp5E8Wvzgf8oQzzjrkP48xIYuVjmrucl%'G7jz2M7y6YujwiKUiiAV8p7wvMS8R00j, Vt1uij63HFFpj9DqLxrkojrP3imWbMYB etc are the key_value fields that you see in the key_name: com.atlassian.oauth.serviceprovider.ServiceProviderTokenStore.tokenKeys. You can then create a new token for an Application Link where you use OAuth.
Here are the detailed steps on how to revoke tokens for the username ajaitly:
- Stop Bitbucket Server.
- In the Bitbucket Server database run the appropriate SELECT SQL query
- Run the corresponding DELETE SQL command to remove those tokens
- Restart Bitbucket Server.
- Go to JIRA and login as
ajaitly. - Click on your avatar in the upper right, then click Profile.
- Click Tools (upper right), then View OAuth Tokens.
- Remove any tokens for Bitbucket Server
- Remove the user tokens for
ajaitlyin each of the other linked applications.
This solution will remove and allow ajaitly to re-establish their OAuth tokens without impacting any other users.
When Bitbucket Server first starts, and when a new OAuth token is created, Bitbucket Server (or more specifically the Application Links subsystem) loads the data from the database into memory for quick access. Restarting Bitbucket Server would reload the tokens.
You can then recreate the token using the normal process of retrieving Bitbucket Server data (eg. PR, Branch, Commits) from within JIRA.