Unable to login on gitlab.com: "Login failed. Please retry from your primary device and network."

The security feature was re-enabled in production a few minutes ago, with a fix in place for the intermittent authentication problem.

We will be monitoring the system logs and also this forum post for any indications of issues.

@whaber I am also experiencing the same issue

For users having an issue, please let us know if you saw a captcha when trying to login.

It would also be great if could you to retry with the browser’s console opened to see if errors are being logged and if so post what errors you encounter.

I get the error when logging in using the 1Password browser extension.

STEPS TO REPRODUCE:

  1. Click the suggested credentials to autofill the username and password.
  2. Click “Sign in”.

WORKAROUND:

  1. Click the suggested credentials to autofill the username and password.
  2. Manually focus the username field.
  3. Manually focus the password field.
  4. Click “Sign in”.
3 Likes

Can confirm that it worked for me as well (using BitWarden password manager, in-browser plugin with autofill)

1 Like

Thank you @croccifixio for documenting a workaround and thank you @grinton for confirming it works for you as well. We are working on reproducing the issue oureslves so we can work on a fix. Stay tuned for an issue tracking the fix.

Issue: ArkoseLabs challenge: using password manager browser extension prevents the token input from being populated (#359801) · Issues · GitLab.org / GitLab · GitLab and associated MR Wait until ArkoseLabs token is set before resubmitting (!85324) · Merge requests · GitLab.org / GitLab · GitLab

1 Like

I’ve just experienced the same issue regarding the primary network. I’m using autocomplete to login. Doesn’t work unless I just click on both text fields before hitting login.

I put in the wrong password the first time and it gave me this error instead of the usual “wrong username or password” error message. No Captcha.
Upon retry, I was able to log in. I was logging in from a secondary device.

The problem with browser plugin based password managers should now be resoled as ArkoseLabs challenge: using password manager browser extension prevents the token input from being populated (#359801) · Issues · GitLab.org / GitLab · GitLab is now deployed in production

Hi, a returning user here. I used Gitlab in a project last autumn, and now trying to access again, but with the same error message as described in topic. As before, I’m using Brave browser (currently
Version 1.39.111 Chromium: 102.0.5005.61 (Official Build) (64-bit)) and a commercial password manager (Dashlane).

Looking at console, I see this:

trycatch.js:220 Refused to connect to 'https://cdn.cookielaw.org/consent/[UUID redacted]/[UUID redacted].json' because it violates the following Content Security Policy directive: "connect-src 'self' https://gitlab.com wss://gitlab.com https://sentry.gitlab.net https://customers.gitlab.com https://snowplow.trx.gitlab.net https://sourcegraph.com https://ec2.ap-east-1.amazonaws.com https://ec2.ap-northeast-1.amazonaws.com https://ec2.ap-northeast-2.amazonaws.com https://ec2.ap-northeast-3.amazonaws.com https://ec2.ap-south-1.amazonaws.com https://ec2.ap-southeast-1.amazonaws.com https://ec2.ap-southeast-2.amazonaws.com https://ec2.ca-central-1.amazonaws.com https://ec2.eu-central-1.amazonaws.com https://ec2.eu-north-1.amazonaws.com https://ec2.eu-west-1.amazonaws.com https://ec2.eu-west-2.amazonaws.com https://ec2.eu-west-3.amazonaws.com https://ec2.me-south-1.amazonaws.com https://ec2.sa-east-1.amazonaws.com https://ec2.us-east-1.amazonaws.com https://ec2.us-east-2.amazonaws.com https://ec2.us-west-1.amazonaws.com https://ec2.us-west-2.amazonaws.com https://ec2.af-south-1.amazonaws.com https://iam.amazonaws.com".

(anonymous) @ trycatch.js:220
(anonymous) @ instrument.js:266
be.otFetch @ otSDKStub.js:1
be.fetchBannerSDKDependency @ otSDKStub.js:1
be.initConsentSDK @ otSDKStub.js:1
be @ otSDKStub.js:1
(anonymous) @ otSDKStub.js:1
(anonymous) @ otSDKStub.js:1
helpers.js:88 Uncaught TypeError: Cannot read properties of undefined (reading 'Domain')
    at be.getLocation (otSDKStub.js:1:6022)
    at a.onerror (otSDKStub.js:1:8311)
    at XMLHttpRequest.r (helpers.js:72:23)
be.getLocation @ otSDKStub.js:1
a.onerror @ otSDKStub.js:1
r @ helpers.js:72
error (async)
c @ sprintf.js:39
(anonymous) @ trycatch.js:200
(anonymous) @ trycatch.js:197
(anonymous) @ instrument.js:266
be.otFetch @ otSDKStub.js:1
be.fetchBannerSDKDependency @ otSDKStub.js:1
be.initConsentSDK @ otSDKStub.js:1
be @ otSDKStub.js:1
(anonymous) @ otSDKStub.js:1
(anonymous) @ otSDKStub.js:1
instrument.js:109 Welcome to GitLab!Does this page need fixes or improvements? Open an issue or contribute a merge request to help make GitLab more lovable. At GitLab, everyone can contribute!🤝 Contribute to GitLab: https://about.gitlab.com/community/contribute/🔎 Create a new GitLab issue: https://gitlab.com/gitlab-org/gitlab/-/issues/new🚀 We like your curiosity! Help us improve GitLab by joining the team: https://about.gitlab.com/jobs/

Now, the Issues tab kindly suggest changing “Content Security Policy (CSP)”, but I believe I can’t do much about it. Yes, I’ve also tried manually focusing login and password fields as suggested by @croccofixio, but it doesn’t do anything for me. Same from copying and pasting login info manually. I once managed to get a Captcha out of my attempts, but nothing else. I’ve also tried over VPN to my Uni and without, and seen no difference in results. Occasionally, if I wait a while between attempts, I see briefly a “checking your browser” screen á la Cloudflare or similar, but no progress.

same here, can’t login to my GitLab account anymore. I’m using the brave browser and the Keeper password manager. But I tried even without keeper’s auto-login feature by manually copy&pasting the password from the manager into the password field, still doesn’t work. I’m not seeing a captcha.

I can’t able to login to gitlab. I can only login through stackroute leaning. while i’m pushing the code through gitbash it is asking login credentials. And i’m not even getting reset link to my mail to reset my password. It is showing like this

. Please go through this @whaber

@sreebhavana21 that screenshow hasn’t anything to do with Gitlab other than using Gitlab software for running their own instance. If you cannot login to that page, then you need to talk to the administrators of that page. This forum cannot help you with it.

Hi. I can’t log in to gitlab.com from my web browser (Palemoon) on my PC (Slackware Linux) either. I reset my password and was able to log in on Firefox on my Android phone.
I have tried clicking in the user name and password fields as suggested above, but I keep getting the login failed message and told to log in on my primary device.
Help would be greatly appreciated.
Update: I tried again today using Palemoon and it didn’t work. I got logged in with Firefox on Slackware Linux which did work! I was able to create a new repo, I then tried Palemoon again and after three attempts it worked.
Update2: Menus and Expand buttons don’t work in Palemoon. I’ll stick with Firefox.

I just had this issue with Chrome v102.0.5005.115 and Remembear.
What finally let me log in was editing one of both fields (i.e. removing the last character of the email and retype it)

@whaber I just encountered the same issue as OP while trying to authenticate to Vercel via GitLab.

Reading your responses, I gathered that my adblocker was preventing me from seeing the new captcha, and sure enough once I disabled it for gitlab globally I could see the rather… Peculiar challenge and complete it.

Problem is, when authenticating on Vercel the GitLab Sign In page opens as a popup without the usual Extensions/Add-ons icons in the menu bar. So I had to go back to my main browser window, open the adblocker preferences and manually add the exemption there, then reload the Sign in popup window… This is madness!

Stack is Firefox 100.0.2 64 bits on Arch Linux with uBlock Origin 1.42.4 in medium mode, username is the name as the one I am posting under.

Did you communicate to announce this change? Being blocked like this with no clue as to why (it really looked like it just didn’t like the new network, but then tough luck if you can’t use another one?), then having to look up this issue to find the culprit and then register an account and take still more time to report the issue… That feels wrong. Adblocker detection maybe? Or update the error message to say “Captcha couldn’t load/Incomplete catcha” etc.?

Yep, seeing this on quite a lot of sites now, not just Gitlab. I use Fedora+Firefox+uBlock Origin and also have some sites that fail to work. On disabling ublock for the site, I then see that an EU cookie message to accept or captcha that wasn’t appearing before. After accepting it, I re-enable ublock for the site.

So yeah, adblocker is the main problem here and needs it’s rulesets sorting out so that it allows sites to work properly for cookies and captcha.