"HTTP Basic: Access denied" with CI_JOB_TOKEN since a few days

thomas.s · December 19, 2022, 3:48pm

Hello,

a few days ago pulling a private repository from the CI of another repository using the CI_JOB_TOKEN stopped working. I was told nothing was changed in our GitLab configuration or permissions. So we are wondering if something changed for the CI_JOB_TOKEN.

We are using the following line to install a pip package from another private repository:

git+https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.com/accessio/openmodule/libcontroller@INBOX-1504#egg=arivo-libcontroller

The output is:

  Running command git clone --filter=blob:none --quiet 'https://gitlab-ci-token:****@gitlab.com/accessio/openmodule/libcontroller' /tmp/pip-install-jdl8w55e/arivo-libcontroller_720f4dc7260a40e28d55d4e58698ac10
  remote: HTTP Basic: Access denied. The provided password or token is incorrect or your account has 2FA enabled and you must use a personal access token instead of a password. See https://gitlab.com/help/topics/git/troubleshooting_git#error-on-git-fetch-http-basic-access-denied
  fatal: Authentication failed for 'https://gitlab.com/accessio/openmodule/libcontroller/'
  error: subprocess-exited-with-error

The link does not provide any information for us to find out why it does not work anymore. We also checked the docs here and all looks fine.
An older pipelines which worked fine a few days ago, is now also failing with the same error.

Did something change in GitLab or does anyone have a clue what might be the problem?

Thanks
Thomas

iwalker · December 19, 2022, 4:25pm

Maybe your token expired. Try generating and using a new one, perhaps one that doesn’t expire?

The error message states that it has problems with the password or token provided, so that would be the best place to start.

thomas.s · December 20, 2022, 7:44am

When a pipeline job is about to run, GitLab generates a unique token and injects it as the CI_JOB_TOKEN predefined variable.

and

The token is valid only while the pipeline job runs

So the token should be valid.

thomas.s · February 6, 2023, 4:54pm

Sorry, this was no Problem with GibLab. Tox stopped to use the environment variables from the CI and therefore the CI_JOB_TOKEN was not definied when we pulled from our repo. The empty token was displayed as “****”, making us think that the token was not valid.

Topic		Replies	Views
CI_JOB_TOKEN access denied despite having token access configured GitLab CI/CD ci , token , pipelines	12	13206	July 21, 2023
Issue With gilab-Ci:: remote: HTTP Basic: Access denied How to Use GitLab	0	1222	May 1, 2018
GitLab Runner 15.9.1 "Access Denied" performing any git action with valid credentials Self-managed ci , runner	3	3080	October 20, 2023
Encountering the "remote: HTTP Basic: Access denied" prompt How to Use GitLab git	0	1658	March 8, 2024
Pipeline Job stopped working - Token not accepted from pipline GitLab CI/CD	0	129	July 17, 2024

"HTTP Basic: Access denied" with CI_JOB_TOKEN since a few days

Related topics