6

My plan is to use deploy tokens to access private repos (hosted GitLab).

This one works fine:

 git clone https://my-gitlab-deploy-token-user:my-gitlab-deploy-token-pass@gitlab.com/username/projectname.git

Accessing archive.tgz fails with authentication error:

curl https://my-gitlab-deploy-token-user:my-gitlab-deploy-token-pass@gitlab.com/username/projectname/repository/archive.tar.gz?ref=master

Anyone has an idea why the token authentication works fine using HTTP endpoint for the Git client but fails fetching the archive tarball directly?

Hugo y
  • 1,421
  • 10
  • 20
ctp
  • 1,077
  • 1
  • 10
  • 28
  • There is a possibly related [issue](https://gitlab.com/gitlab-org/gitlab-ce/issues/60900) on GitLab. – kuza Apr 24 '19 at 08:01

1 Answers1

1

The deploy token only allow to clone repository and read docker registry.

Whereas, the Personal Access Tokens allow to authenticate "against Git over HTTP or SSH". Note, they are only limited to the following: API,RSS,Registry. There is a note about about this limitation due to an "Improper Enforcement of Token Scope" on the gitlab blog.

Xavier D
  • 3,364
  • 1
  • 9
  • 16