Using Authorization Method bearer on pull mirrored repositories

Problem to solve

We have a self-hosted on-prem gitlab enterprise (v16.9.1-ee). There are several git repositories hosted in Azure DevOps. For data recovery reasons we want to set up pull mirroring on this gitlab instance for those repos hosted on Azure by calling the gitlab REST API (Project remote mirrors API | GitLab). This is an automated process triggered by a pipeline.

Eveything works fine with a PAT from DevOps and basic auth. But, as we don’t want to use a Personal Account we need to use a Service Principal that authenticates against MS Graph. Service Pricipals cannot issue PATs, but only OAuth Tokens.

How can we assign a OAuth Token to a repository that is pull mirrored using the Gitlab REST API?


  • GitLab Enterprise Edition v16.9.1-ee