Problem

Bitbucket Server v8.6.4 rejects Basic auth with Personal Access Tokens but accepts Bearer token auth. This means bkt auth login fails with 401 Unauthorized on these older instances, even with a valid PAT.

$ bkt auth login https://bitbucket.example.com
Username: myuser
Personal Access Token: 
Error: verify credentials: 401 Unauthorized: Authentication failed.

The same token works fine with Bearer auth:

$ curl -s -H "Authorization: Bearer <PAT>" https://bitbucket.example.com/rest/api/1.0/application-properties
{"version":"8.6.4","buildNumber":"8006004","displayName":"Bitbucket"}

Working solution

I've implemented this in my fork: srid@5bd22c9

The change adds a --bearer flag to bkt auth login that uses Authorization: Bearer <token> instead of SetBasicAuth(username, token). The flag is persisted in the host config so all subsequent API calls use Bearer auth automatically.

$ bkt auth login https://bitbucket.example.com --bearer --allow-insecure-store
Personal Access Token: 
✓ Logged in to https://bitbucket.example.com as bearer-token (bearer-token)

$ bkt pr list
#436    OPEN    feat: Update dependencies ...

Question

Would you be open to a PR for this? The changes touch:

• pkg/httpx/client.go — BearerToken field on Options/Client, prefer Bearer over Basic when set
• pkg/bbdc/client.go — pass-through BearerToken bool
• internal/config/config.go — bearer_token field on Host
• pkg/cmd/auth/auth.go — --bearer flag, skip username prompt, verify via /application-properties instead of /users/{slug}
• pkg/cmdutil/client.go — wire BearerToken to DC client