Push to GitLab with JGit authorization error

Question

I am able to clone from GitLab via JGit, but when I go to push the changes, I get a not authorized error message.

Three more essential details:

I own the repository so it's not an issue with read-only access.
The repository is private so I know the OAuth 2 token is valid and being used in the initial clone.
I ONLY have the username and an oauth2 token. I do not have the user's password, SSH key, or personal access token.

Here is my command for cloning:

Git.cloneRepository()
  .setURI(target)
  .setDirectory(repoFolder)
  .setCloneAllBranches(true)
  .setCredentialsProvider(new UsernamePasswordCredentialsProvider("oauth2", token))
  .call();

Here is my command for pushing:

PushCommand push = cloneSource.push();
  push.setRemote(target);
  push.setPushAll();
  push.setCredentialsProvider(new UsernamePasswordCredentialsProvider("oauth2", token));
  push.call();

The credentials provider must be given your real username (i.e. the one that is also part of the URL). Is `oauth2` your real username? — Rüdiger Herrmann, Oct 18 '16 at 22:14
Point 3 in your question indicates that you do not have enough to authenticate yourself for the push. — dlamblin, Oct 19 '16 at 12:52
I am using HTTP protocol.. And I tried using my real username instead of `oauth2`, but that did not work either. With my username I am unable to even clone the repo in the first place. — user3817808, Oct 19 '16 at 12:53
@dlamblin I'm not sure I understand... With GitHub this works fine, is there a difference for the oauth2 tokens in GitLab? — user3817808, Oct 19 '16 at 12:54

score 5 · Answer 1 · answered Sep 18 '17 at 17:58

5

For authenticating gitlab using personal access token and jgit, you can use the following snippet:

With the snippet below, I was able to push back to a GitLab repository.

CredentialsProvider credentialsProvider = new 
     UsernamePasswordCredentialsProvider( "PRIVATE-TOKEN", <your oauth token> );
git.push()
     .setCredentialsProvider( credentialsProvider )
     .call();

This works as of Jgit version (4.8.0.201706111038-r)

answered Sep 18 '17 at 17:58

jugu

98
1
5

This should be the accepted answer; it works great. Thank you very much for sharing. – jpruiz114 Nov 19 '20 at 20:45

Rüdiger Herrmann · Answer 2 · 2016-10-19T22:13:45.190

4

With the snippet below, I was able to clone from and push back to a GitLab repository.

CredentialsProvider credentialsProvider 
  = new UsernamePasswordCredentialsProvider( "myname", "password" );
Git git = Git.cloneRepository()
  .setURI( "https://gitlab.com/myname/repo.git" )
  .setDirectory( tempFolder.newFolder() )
  .setCredentialsProvider( credentialsProvider )
  .call();

File file = new File( git.getRepository().getWorkTree(), "file" + new Object().hashCode() );
file.createNewFile();
git.add().addFilepattern( file.getName() ).call();
git.commit().setMessage( "Add file " + file.getName() ).call();

git.push()
  .setCredentialsProvider( credentialsProvider )
  .call();

If you are using GitLab's Personal Access Tokens, you need to encode the access token into the URL and provide it as a password, like this:

CredentialsProvider credentialsProvider 
  = new UsernamePasswordCredentialsProvider( "myname", "<token>" );
command.setURI( "https://gitlab-ci-token:<token>@gitlab.com/myname/repo.git" )
command.setCredentialsProvider( credentialsProvider )

Maybe that will help to find the source of the 'not authorized' error. In order to communicate through SSH, you need to add an SSH key to your GitLab profile.

edited Oct 19 '16 at 22:13

answered Oct 18 '16 at 22:36

Rüdiger Herrmann

20,512
11
62
79

I guess I didn't mention this, I will not have the password for the user, an SSH key, nor a personal access token. The only information I have access to, is the username and an oauth2 token. – user3817808 Oct 19 '16 at 12:43
@user3817808 Can you describe how/wherein GitLab's web UI the username and oauth token is managed so that I am able to reproduce your environment? – Rüdiger Herrmann Oct 19 '16 at 21:46
I don't know how to get an oauth token through the web UI, but I am able to get it following this flow: https://docs.gitlab.com/ce/api/oauth2.html PS I do have the username/password of a test user, but for all other users of my application I will not. – user3817808 Oct 20 '16 at 12:46
Thanks for letting me know. From what I tried, the REST API does the same as the web UI in _Profile Settings_ > _Applications_. I have posted your question - in my own words - [to the GitLab forum](https://forum.gitlab.com/t/cloning-repository-with-oauth-is-rejected-with-not-authorized/4745) – Rüdiger Herrmann Oct 20 '16 at 17:55
I believe what you are getting from the UI is just an application id/secret.. That's not the same as an oauth2 token. Looking at your GitLab post, you should be able to clone with `git clone https://oauth2:a1b2c3@gitlab.com/user/repo.git`, at least I am able to. – user3817808 Oct 20 '16 at 18:41
Hm, but I'm getting `not authorized` Does your repository allow read-only public access? – Rüdiger Herrmann Oct 20 '16 at 23:17
No, it is completely private – user3817808 Oct 24 '16 at 17:42
I am afraid I am running out of ideas here - unless maybe someone answers my GitLab forum post. – Rüdiger Herrmann Oct 24 '16 at 21:01

Chandrani H · Answer 3 · 2021-01-28T14:08:39.807

I am using Git.lsRemoteRepository() method from JGit using OAuth2 access token.

Setting UsernamePasswordCredentialsProvider like this actually worked for me:

    LsRemoteCommand cmd = Git.lsRemoteRepository();
    cmd.setRemote(cloneUrl);
    cmd.setCredentialsProvider(new UsernamePasswordCredentialsProvider("oauth2", gitlab-access-token));

The url is of a private Gitlab repository- https://gitlab.com/my-private-group/testprojectxyxy.git

Push to GitLab with JGit authorization error

3 Answers3