jenkinsci · nfalco79 · Mar 1, 2025 · Mar 1, 2025
diff --git a/...com/cloudbees/jenkins/plugins/bitbucket/impl/credentials/BitbucketOAuthAuthenticator.java b/...com/cloudbees/jenkins/plugins/bitbucket/impl/credentials/BitbucketOAuthAuthenticator.java
@@ -25,28 +25,33 @@
 package com.cloudbees.jenkins.plugins.bitbucket.impl.credentials;
 
 import com.cloudbees.jenkins.plugins.bitbucket.api.BitbucketAuthenticator;
+import com.cloudbees.jenkins.plugins.bitbucket.api.BitbucketException;
+import com.cloudbees.jenkins.plugins.bitbucket.client.Cache;
 import com.cloudbees.plugins.credentials.CredentialsScope;
 import com.cloudbees.plugins.credentials.common.StandardUsernameCredentials;
 import com.cloudbees.plugins.credentials.common.StandardUsernamePasswordCredentials;
 import com.cloudbees.plugins.credentials.impl.UsernamePasswordCredentialsImpl;
 import com.github.scribejava.core.builder.ServiceBuilder;
 import com.github.scribejava.core.httpclient.jdk.JDKHttpClientConfig;
 import com.github.scribejava.core.model.OAuth2AccessToken;
+import com.github.scribejava.core.model.OAuth2AccessTokenErrorResponse;
 import com.github.scribejava.core.model.OAuthConstants;
 import com.github.scribejava.core.oauth.OAuth20Service;
 import hudson.model.Descriptor.FormException;
 import hudson.util.Secret;
-import java.io.IOException;
 import java.util.concurrent.ExecutionException;
+import java.util.concurrent.TimeUnit;
 import jenkins.util.SetContextClassLoader;
+import org.apache.commons.codec.digest.DigestUtils;
+import org.apache.commons.lang.StringUtils;
 import org.apache.http.HttpRequest;
 
 public class BitbucketOAuthAuthenticator implements BitbucketAuthenticator {
+    private static final Cache<String, OAuth2AccessToken> cacheToken = new Cache<>(5, TimeUnit.MINUTES);
 
     private final String credentialsId;
     private final String username;
     private final Secret password;
-    private OAuth2AccessToken token;
 
     /**
      * Constructor.
@@ -60,18 +65,26 @@
     }
 
     private OAuth2AccessToken getToken() {
-        if (token == null) {
-            try (SetContextClassLoader cl = new SetContextClassLoader(this.getClass());
-                    OAuth20Service service = new ServiceBuilder(username)
-                        .apiSecret(Secret.toString(password))
-                        .httpClientConfig(JDKHttpClientConfig.defaultConfig())
-                        .build(BitbucketOAuth.instance())) {
-                token = service.getAccessTokenClientCredentialsGrant();
-            } catch (IOException | InterruptedException | ExecutionException e) {
-                throw new RuntimeException(e);
+        try {
+            String plainSecret = Secret.toString(password);
+            String cacheKey = DigestUtils.md2Hex(StringUtils.join(new String[] { credentialsId, username, plainSecret }, '/'));
+            return cacheToken.get(cacheKey, () -> {
+                try (SetContextClassLoader cl = new SetContextClassLoader(this.getClass());
+                        OAuth20Service service = new ServiceBuilder(username)
+                            .apiSecret(plainSecret)
+                            .httpClientConfig(JDKHttpClientConfig.defaultConfig())
+                            .build(BitbucketOAuth.instance())) {
+                    return service.getAccessTokenClientCredentialsGrant();
+                }
+            });
+        } catch (ExecutionException e) {
+            // unwrap exception
+            Throwable cause = e.getCause();
+            if (cause instanceof OAuth2AccessTokenErrorResponse oauthEx) {
+                throw new BitbucketException(oauthEx.getErrorDescription() + ". Please check configured OAuth credentials client id and secret are correct.", e);
             }
+            throw new RuntimeException(cause);
         }
-        return token;
     }
 
     /**