'Invalid OAuth client credentials' error when setting up autoscaler for runners on Kubernetes in Bitbucket Cloud

Platform Notice: Cloud Only - This article only applies to Atlassian products on the cloud platform.

Summary

While deploying autoscaler for runners on kubernetes, users may experience a credentials error:

1 UnauthorizedClientError: (unauthorized_client) Invalid OAuth client credentials

Solution

Below are three possible causes/solutions for the problem.

  • Ensure you have provided right permissions for the password. Minimum Scope to be provided:

    Checked boxes are "This is a private consumer," Account "Read," Repositories "read," and Runners "write."

  • Make sure that the credentials are correctly encode with base 64 and later added them to k8s manifest without trailed characters(such as empty space/new line )

    1 2 echo -n $BITBUCKET_OAUTH_CLIENT_ID | base64 echo -n $BITBUCKET_OAUTH_CLIENT_SECRET | base64

  • Ensure that the Kubernetes secret is created in the correct namespace where the runner is being deployed. Below command can be used:

    1 kubectl create secret generic <secret-name> --from-literal=<key>=<value> -n <namespace>

    If the issue persists, look for any additional error details that might give more insight into the issue. Use the following command to get logs from the autoscaler pod:

    1 kubectl logs <autoscaler-pod-name> -n <namespace>
Updated on March 5, 2025
Platform
Cloud only
Product
Bitbucket Cloud
On this pageSummarySolution

Still need help?

The Atlassian Community is here for you.
Ask the Community