Personal Access Token authentication using builtin git configuration stopped working

Git Clone with Personal access token in git config

I have been able to clone from gitlab as I described in my article for years:
See link GitLab Clone Private Repository with Access Token – Bizmate Solutions
I basically set the access token as gitlab.access_token in the git config and the git clone should work without adding it in a dirty place in the URL. Variables or environment variables are great instead of changing URLs but today i keep getting the error

Failed to execute git clone --mirror -- 'https://private-token:TzP...uYm@gi  
composer_1        |' '/home/composer/.co  
composer_1        |   nfig/composer/cache/vcs/'                                                                  
composer_1        |                                                                                
composer_1        |   Cloning into bare repository '/home/composer/.config/composer/cache/vcs/git  
composer_1        |'...                
composer_1        |   remote: HTTP Basic: Access denied. The provided password or token is incorr  
composer_1        |   ect or your account has 2FA enabled and you must use a personal access toke  
composer_1        |   n instead of a password. See  
composer_1        |   ting_git#error-on-git-fetch-http-basic-access-denied                         
composer_1        |   fatal: Authentication failed for ''

The above has been convenient for a very long time and I just wonder why it stopped working
Any reason why this stopped working?

Personally, I am not aware of any official Git client support of gitlab.access_token in config. This seems to be feature specific for composer only.

In general I never had issues with using PAT, so I would double check if you have access to the repo or the token is correct.

thank you for the reply. Git should have a way to send some signature specific information. Tokens such as the Gitlab or Github ones are set up in my configs everywhere and they work else I would get auth problems even if these tokens end up being consumed by composer and not directly handles by git.

I run mostly docker for development and currently I see that:

  • on my host/PC terminal I have git version 2.37.3 and $ composer --version Composer version 2.3.5 2022-04-13 16:43:00
  • on my container git version 2.30.2 and composer was the latest at v 2.4 but i tested by downgrading it to 2.3.5 and it made no difference.

I tried to upgrade git on my container but the php container is based on debian and it has some weird dependencies issues that block adding the PPA and then installing the latest git from the PPA, ie:

git : Depends: libc6 (>= 2.34) but 2.31-13+deb11u4 is to be installed
       Recommends: less but it is not going to be installed

The only difference i can think of is indeed that I have two different versions of the git clients v 2.30 vs 2.37 and when composer runs something in the git client is not loading the token or accounting for it.

Other than this if you have any other suggestions on how to troubleshoot this feel free to share ideas on debugging, testing other software parts etc

I don’t think it is a Git client issue, because I can see in the output that composer just takes the token value and puts it into URL (Basic Auth).

git clone --mirror --

I must say I have not found any reference of gitlab.access_token option in git config anywhere. Composer docs suggests saving it as composer config --global --auth <token> and Git client is using credential helpers in general.

I would personally just try with new PAT as GitLab changed format of Access Tokens. GitLab will also introduce mandatory expiration of PATs with next major release. Switching to SSH Keys would be an option too.

So i changed the token, not with git but indeed inside composer. For some reasons composer on my host was still working even with the old personal token.

The git approach does not work so I will indeed fix my article too.

1 Like