Jan 212014

In principle I’m in favour of the ‘log in with X’ way of doing things (modulo user experience issues such as trying to remember which service you picked to sign up with in the first place). There is, however, more to it than that in some cases. Example: using the online repository service bitbucket.

Signing up in the first place with one of my Google accounts worked as expected. The next step, of adding a git repository and pushing files to it, was a little more complicated. You need to use a regular password for git push and, of course, bitbucket doesn’t have the password for my Google account. And I didn’t have a regular password for the account, having set it up using my Google account, so I had to go through the password-reset dance to create a new password that bitbucket is allowed to know.

In other words, for these sorts of services I need a password that the service is allowed to know; logging in with other services is an add-on but not a replacement. This isn’t hard to understand when you stop and think about what’s going on (in the browser the service relies on a lot of browser redirects which aren’t available in the command line), but it did take me a minute or two to figure out that I would have to reset my heretofore blank password to get one that I could use. (Bitbucket also supports SSH identities and I’ll probably set that up instead of the password.)

  2 Responses to “No password issues”

  1. Bitbucket should probably generate a password for you, instead of taking one from you. That way, you could somehow revoke it if the machine you used it on has been stolen or otherwise compromised. AFAICT, GitHub and Sonatype OSS do that, Gerrit and Google Code Hosting have similar mechanisms too.

  2. This was precisely the reason OAuth was started. 😉 We’re getting there, bit by bit. It’d be totally possible for Bitbucket to support an OAuth flow from the command line to deal with this case (which is comparable to the SSH identity approach).

 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>



/* ]]> */