Is your feature request related to a problem? Please describe.
Bitbucket is deprecating app passwords and replacing them with API tokens, as outlined in this announcement post. Starting September 9th 2025, no new app passwords can be created and on June 9th 2026 all existing app password will stop working. API tokens work very similar to app password. They have scopes, require HTTP basic for auth, and are tied to a single user. Unfortunately for Composer, the HTTP basic username is different depending on whether you access the Bitbucket API or you access Bitbucket via git. For API access it requires the email address and for git it's the username.

Describe the solution you'd like
Have an option where users can configure username, email, and API token for Bitbucket. Unfortunately, this won't be straight forward to implement.

Describe alternatives you've considered
Composer not attempting the git clone fallback for Bitbucket if used with API tokens or even detect if the username looks like an email or username and then decide whether the API or git should be used.

Additional context
API token docs: https://support.atlassian.com/bitbucket-cloud/docs/api-tokens/