CI_JOB_TOKEN access denied despite having token access configured


I am using the CI_JOB_TOKEN with bazel to clone a second git repository within the same gitlab group. The basic setup for this to work is

git config --global url."https://gitlab-ci-token:${CI_JOB_TOKEN}".insteadOf ""

which rewirtes all ssh urls of gitlab to https urls with basic authentication using the job token.

Up until a few days ago this worked without problems. I am aware, that with the 16.0 update the project (B), which is accessed needs to define a token access for the project which wants to access (A) it via the job token.

So far I’ve added the A to the token access list of B. I still get the access denied error, when running the CI job:

Error in fail: error running 'git fetch origin refs/heads/*:refs/remotes/origin/* refs/tags/*:refs/tags/*' while working with @hugo_geekdoc_theme:
remote: HTTP Basic: Access denied. The provided password or token is incorrect or your account has 2FA enabled and you must use a personal access token instead of a password. See
fatal: Authentication failed for ''

I am running this on Gitlab Saas with custom runners.

Running with gitlab-runner 15.11.0 (v15.11.0)

I did not find it in the changelog but is it necessary for the runners to also be on version 16.0 for this to work? I am asking because I have no access to the runner setup and would like to understand if this is the cause.