mark
mark
CCoder.com
Created by mark on 4/11/2024 in #help
Gitlab git functionality not working after token refresh after workspace is created
Hey all, I'm using Gitlab external auth for my git functionality currently. The GIT_ASKPASS interraction works just fine when I create a new workspace, but after ~12h or so (seemingly this line up with the tokens expiration + renewal but I'm not positive) I start seeing the folowing error:
remote: HTTP Basic: Access denied. The provided password or token is incorrect or your account has 2FA enabled and you must use a personal access token instead of a password. See https://gitlab.com/help/topics/git/troubleshooting_git#error-on-git-fetch-http-basic-access-denied
fatal: Authentication failed for 'MY_REPO'
remote: HTTP Basic: Access denied. The provided password or token is incorrect or your account has 2FA enabled and you must use a personal access token instead of a password. See https://gitlab.com/help/topics/git/troubleshooting_git#error-on-git-fetch-http-basic-access-denied
fatal: Authentication failed for 'MY_REPO'
This is strange, as if I run coder external-auth access-token gitlab within that workspace the token it produces works with git if I simply set the user to oauth2 and the the password to that token in my git repo using git remote set-url origin https://oauth2:MY_TOKEN@MY_REPO, but ofc once the token refreshes that no longer works. I'm not doing any of that on the workspace startup, but I am setting GIT_USERNAME and GIT_PASSWORD since I'm using envbuilder: the git actions work during build with those and, once the workspace is created, I see no GIT-related environment variables other than those I'd expect with a vanilla configuration:
$ env | grep GIT
GIT_SSH_COMMAND=/tmp/coder.X2w8uz/coder gitssh --
GIT_COMMITTER_NAME=removed
GIT_ASKPASS=/tmp/coder.X2w8uz/coder
GIT_AUTHOR_EMAIL=removed
GIT_COMMITTER_EMAIL=removed
GIT_AUTHOR_NAME=removed
$ env | grep GIT
GIT_SSH_COMMAND=/tmp/coder.X2w8uz/coder gitssh --
GIT_COMMITTER_NAME=removed
GIT_ASKPASS=/tmp/coder.X2w8uz/coder
GIT_AUTHOR_EMAIL=removed
GIT_COMMITTER_EMAIL=removed
GIT_AUTHOR_NAME=removed
Any ideas?
13 replies