Summary:

Bitbucket Cloud has deprecated app passwords (EOL June 9, 2026). Harness currently requires a username + password (historically an app password) for Bitbucket Cloud connectors, which prevents authentication using the new Workspace-level API Tokens.

Use Case / Problem Statement:

When configuring a Bitbucket Cloud connector, entering email/username + Workspace API Token fails authentication. The connector enforces the legacy password path, which is no longer aligned with Bitbucket’s new authentication model.

Impact:

Blocks onboarding for Bitbucket Cloud users who can’t generate app passwords.

Prevents IDP workflows that temporarily modify repo permissions (e.g., bypass branch protection, commit, and revert).

Creates compliance and migration risk as app passwords near deprecation.

Proposed Enhancement:

Add native support for Workspace API Tokens in the Bitbucket Cloud connector.

Allow token-only or username + token authentication modes.

Update connector UI to include an “API Token” credential type distinct from “Password/App Password.”

Ensure parity with Bitbucket REST API validation behavior.

Expected Outcome:

Harness users can authenticate Bitbucket Cloud connectors with Workspace-level API Tokens, ensuring continued compatibility and compliance with Bitbucket’s new authentication model.