On Wed, Oct 3, 2018 at 12:34 PM Dimitri Kopriwa <d.kopriwa@xxxxxxxxx> wrote: > > I have replaced the way I fill the git credentials store, I have verify > ~/.git-credentials and information are there, the ~/.gitconfig look fine > too. > > I still have 401 error when reading from that file. > > This is the paste log : https://paste.gnome.org/pmntlkdw0 > > Now that I use git approve, I dont think that I need a custom helper. > > Any idea why I still can't log in using git-credential? I'm pretty sure Peff touched on this in his reply. When it works, you're either sending a "Private-Token" header or including it in the URL, but, as Peff said, Git will never do either of those things. It sends an "Authorization" header, and, based on their documentation, it doesn't appear Gitlab accepts access tokens in that header. It looks like you're either going to need to include it in the URL (like what happens earlier in the posted trace), or adjust your git config with a "http.extraHeader" set to "Private-Token: <token>" to include the "Private-Token" header (or you could pass it on the command line, like `git -c http.extraHeader="Private-Token: <token>" clone ...`. Hope this helps! Bryan > > Thanks in advance, > > On 10/4/18 1:24 AM, Jeff King wrote: > > On Thu, Oct 04, 2018 at 01:12:11AM +0700, Dimitri Kopriwa wrote: > > > >> Thanks for your reply. I have activated GIT_TRACE_CURL=1 and I can see that > >> the request is failing 401. > >> > >> I can't see which token is used and using what header ? > >> > >> The log say: > >> > >> 17:50:26.414654 http.c:657 => Send header: Authorization: Basic <redacted> > > Yeah, we redact the auth information so people don't accidentally share > > it publicly. If you use the older GIT_CURL_VERBOSE=1, it will include > > the credential (I think it may be base64 encoded, though, so you'll have > > to decipher it). > > > >> I have retested the token locally and it work when used in the url or using > >> `Private-Token: <token>` as stated in the Gitlab documentation > >> https://docs.gitlab.com/ee/api/README.html#personal-access-tokens > > I don't think Git will ever send your token in either of those ways. It > > will always some as an Authorization header. > > > >> Peff, what would be the appropriate way to input my git credential in a 100% > >> success way in a CI? > > I don't know the details of what GitLab would want, but... > > > >> Is this good: > >> > >> git credential approve <<EOF > >> protocol=https > >> host=example.com > >> username=bob > >> password=secr3t > >> OEF > > Yes, that would work to preload a token into any configured helpers. > > > > -Peff