Add support for Bitbucket API tokens instead of access tokens

[tcrespog]

Description

In #6209, it turns out I mixed up Bitbucket access tokens with Bitbucket API tokens. API tokens are the chosen replacement for app passwords, which cannot longer be created starting from 2025-09-09 and will stop working as a whole starting from 2026-06-09 (source).

This PR adds actual support for API tokens instead of access tokens. Using access tokens, operations such as contacting the REST API were working correctly, but others such as cloning a repository weren't.

Guidelines for testing

• In bitbucket.org, create a private Nextflow pipeline repository.
• Create an API token ("Atlassian Account settings > Security tab > Create and manage API Tokens") and an app password ("Personal Bitbucket settings > App passwords > Create app password").
• In your local computer, create a SCM config file (scm_token.config) with the following contents for API token authentication:

providers {
    bitbucket {
        user = '<email>'
        token = '<API token>'
    }
}

• Run the pipeline; the repository is cloned correctly:

export NXF_SCM_FILE="$HOME/scm_token.config"
nextflow run https://bitbucket.org/<workspace>/<repo>

• In your local computer, create a SCM config file (scm_pass.config) with the following contents for app password authentication:

providers {
    bitbucket {
        user = '<username>'
        password = '<app password>'
    }
}

• Run the pipeline, the app password method keeps working correctly:

rm -rf ~/.nextflow/assets # Remove directory to make sure the repo is not fetched from local assets
export NXF_SCM_FILE="$HOME/scm_pass.config"
nextflow run https://bitbucket.org/<workspace>/<repo>

[netlify]

✅ Deploy Preview for nextflow-docs-staging ready!

Name	Link
🔨 Latest commit	a4e4754
🔍 Latest deploy log	https://app.netlify.com/projects/nextflow-docs-staging/deploys/689e39ca46dadd00086525ea
😎 Deploy Preview	https://deploy-preview-6337--nextflow-docs-staging.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[pditommaso]

It would be preferable to keep support for user/password as a fallback even it deprecated.

https://www.nextflow.io/docs/latest/git.html#bitbucket-server

Consider also updating the corresponding docs

[tcrespog]

It would be preferable to keep support for user/password as a fallback even it deprecated.

https://www.nextflow.io/docs/latest/git.html#bitbucket-server

App passwords are still supported.

Consider also updating the corresponding docs

Docs to be updated in a separate PR.

[pditommaso]

Ok, now I see it.

https://github.com/nextflow-io/nextflow/pull/6337/files#diff-43a99b83c3e3d088e0e301144d9095d16c89f1c6025b49ed28408ec019fe3f06R51

Would not be better to give priority to the token over the pwd?

[tcrespog]

Would not be better to give priority to the token over the pwd?

Makes sense to me. I can change that.

[pditommaso]

Can it be added one line mention in the docs about the new feature ?

[pditommaso]

Ok, I did. Please have a look when you have a chance

[tcrespog]

Ok, I did. Please have a look when you have a chance

Looks good to me. Thanks, Paolo.