Description

Dear Fedora Infrastructure Team,

I am experiencing persistent authentication failures when attempting to push to my forked repository on src.fedoraproject.org using a Personal Access Token (PAT).

Details:

Username: redadmin
Repository: https://src.fedoraproject.org/forks/redadmin/rpms/opendmarc.git
Branch: redadmin-k-epel-10
Problem: Git push fails with HTTP 401 error. The server responds with "invalid_token" and "Reference token could not be introspected."
I have confirmed the PAT is freshly generated with all necessary permissions, especially "Modify an existing project".
Using the token in curl API calls results in the API returning the login page instead of JSON responses, indicating the token is not accepted.
Tried clearing local credential caches and using different machines/networks without success.

Could you please assist in verifying the status of my account or token permissions? Is there any known issue or additional step required for token activation?

Thank you very much for your support.

Best regards,
redadmin

redadmin commented a month ago

Subject: Git push failed — logs attached Body: This is the git push failure log. Regards, redadmin [redadmin@www opendmarc]$ GIT_TRACE=1 GIT_CURL_VERBOSE=1 git push origin redadmin-k-epel-10 18:02:42.934888 git.c:479 trace: built-in: git push origin redadmin-k-epel-10 18:02:42.935658 run-command.c:666 trace: run_command: GIT_DIR=.git git remote-https origin https://src.fedoraproject.org/forks/redadmin/rpms/opendmarc.git 18:02:42.935700 run-command.c:758 trace: start_command: /usr/libexec/git-core/git remote-https origin https://src.fedoraproject.org/forks/redadmin/rpms/opendmarc.git 18:02:42.938559 git.c:781 trace: exec: git-remote-https origin https://src.fedoraproject.org/forks/redadmin/rpms/opendmarc.git 18:02:42.938625 run-command.c:666 trace: run_command: git-remote-https origin https://src.fedoraproject.org/forks/redadmin/rpms/opendmarc.git 18:02:42.938647 run-command.c:758 trace: start_command: /usr/libexec/git-core/git-remote-https origin https://src.fedoraproject.org/forks/redadmin/rpms/opendmarc.git 18:02:42.950930 http.c:913 == Info: Couldn't find host src.fedoraproject.org in the (nil) file; using defaults 18:02:42.951830 http.c:913 == Info: Trying 38.145.60.20:443... 18:02:43.147058 http.c:913 == Info: Connected to src.fedoraproject.org (38.145.60.20) port 443 (#0) 18:02:43.152008 http.c:913 == Info: ALPN, offering h2 18:02:43.152017 http.c:913 == Info: ALPN, offering http/1.1 18:02:43.158709 http.c:913 == Info: CAfile: /etc/pki/tls/certs/ca-bundle.crt 18:02:43.158872 http.c:913 == Info: TLSv1.0 (OUT), TLS header, Certificate Status (22): 18:02:43.158881 http.c:913 == Info: TLSv1.3 (OUT), TLS handshake, Client hello (1): 18:02:43.362170 http.c:913 == Info: TLSv1.2 (IN), TLS header, Certificate Status (22): 18:02:43.362263 http.c:913 == Info: TLSv1.3 (IN), TLS handshake, Server hello (2): 18:02:43.363302 http.c:913 == Info: TLSv1.2 (IN), TLS header, Finished (20): 18:02:43.363350 http.c:913 == Info: TLSv1.2 (IN), TLS header, Unknown (23): 18:02:43.363400 http.c:913 == Info: TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8): 18:02:43.363443 http.c:913 == Info: TLSv1.2 (IN), TLS header, Unknown (23): 18:02:43.383387 http.c:913 == Info: TLSv1.3 (IN), TLS handshake, Certificate (11): 18:02:43.389304 http.c:913 == Info: TLSv1.2 (IN), TLS header, Unknown (23): 18:02:43.389330 http.c:913 == Info: TLSv1.3 (IN), TLS handshake, CERT verify (15): 18:02:43.389568 http.c:913 == Info: TLSv1.2 (IN), TLS header, Unknown (23): 18:02:43.389590 http.c:913 == Info: TLSv1.3 (IN), TLS handshake, Finished (20): 18:02:43.389646 http.c:913 == Info: TLSv1.2 (OUT), TLS header, Finished (20): 18:02:43.389654 http.c:913 == Info: TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1): 18:02:43.389684 http.c:913 == Info: TLSv1.2 (OUT), TLS header, Unknown (23): 18:02:43.389690 http.c:913 == Info: TLSv1.3 (OUT), TLS handshake, Finished (20): 18:02:43.389748 http.c:913 == Info: SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 18:02:43.389755 http.c:913 == Info: ALPN, server accepted to use h2 18:02:43.389762 http.c:913 == Info: Server certificate: 18:02:43.389773 http.c:913 == Info: subject: C=US; ST=North Carolina; L=Raleigh; O=Red Hat, Inc.; CN=*.fedoraproject.org 18:02:43.389780 http.c:913 == Info: start date: Oct 9 00:00:00 2024 GMT 18:02:43.389786 http.c:913 == Info: expire date: Nov 9 23:59:59 2025 GMT 18:02:43.389796 http.c:913 == Info: subjectAltName: host "src.fedoraproject.org" matched cert's "*.fedoraproject.org" 18:02:43.389806 http.c:913 == Info: issuer: C=US; O=DigiCert Inc; CN=DigiCert Global G3 TLS ECC SHA384 2020 CA1 18:02:43.389810 http.c:913 == Info: SSL certificate verify ok. 18:02:43.389830 http.c:913 == Info: Using HTTP2, server supports multi-use 18:02:43.389834 http.c:913 == Info: Connection state changed (HTTP/2 confirmed) 18:02:43.389841 http.c:913 == Info: Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0 18:02:43.389854 http.c:913 == Info: TLSv1.2 (OUT), TLS header, Unknown (23): 18:02:43.389875 http.c:913 == Info: TLSv1.2 (OUT), TLS header, Unknown (23): 18:02:43.389892 http.c:913 == Info: TLSv1.2 (OUT), TLS header, Unknown (23): 18:02:43.389922 http.c:913 == Info: Using Stream ID: 1 (easy handle 0x563102cf6250) 18:02:43.389939 http.c:913 == Info: TLSv1.2 (OUT), TLS header, Unknown (23): 18:02:43.389955 http.c:860 => Send header, 0000000237 bytes (0x000000ed) 18:02:43.389961 http.c:872 => Send header: GET /forks/redadmin/rpms/opendmarc.git/info/refs?service=git-receive-pack HTTP/2 18:02:43.389965 http.c:872 => Send header: Host: src.fedoraproject.org 18:02:43.389968 http.c:872 => Send header: user-agent: git/2.47.1 18:02:43.389971 http.c:872 => Send header: accept: */* 18:02:43.389974 http.c:872 => Send header: accept-encoding: deflate, gzip, br 18:02:43.389978 http.c:872 => Send header: accept-language: en-US, *;q=0.9 18:02:43.389981 http.c:872 => Send header: pragma: no-cache 18:02:43.389985 http.c:872 => Send header: 18:02:43.581892 http.c:913 == Info: TLSv1.2 (IN), TLS header, Unknown (23): 18:02:43.582159 http.c:913 == Info: TLSv1.3 (IN), TLS handshake, Newsession Ticket (4): 18:02:43.583577 http.c:913 == Info: TLSv1.2 (IN), TLS header, Unknown (23): 18:02:43.583665 http.c:913 == Info: TLSv1.3 (IN), TLS handshake, Newsession Ticket (4): 18:02:43.583759 http.c:913 == Info: old SSL session ID is stale, removing 18:02:43.583816 http.c:913 == Info: TLSv1.2 (IN), TLS header, Unknown (23): 18:02:43.583975 http.c:913 == Info: TLSv1.2 (OUT), TLS header, Unknown (23): 18:02:43.610319 http.c:913 == Info: TLSv1.2 (IN), TLS header, Unknown (23): 18:02:43.610491 http.c:913 == Info: TLSv1.2 (IN), TLS header, Unknown (23): 18:02:43.610667 http.c:860 <= Recv header, 0000000013 bytes (0x0000000d) 18:02:43.610689 http.c:872 <= Recv header: HTTP/2 401 18:02:43.610709 http.c:860 <= Recv header, 0000000073 bytes (0x00000049) 18:02:43.610723 http.c:872 <= Recv header: strict-transport-security: max-age=31536000; includeSubDomains; preload 18:02:43.610739 http.c:860 <= Recv header, 0000000029 bytes (0x0000001d) 18:02:43.610751 http.c:872 <= Recv header: x-frame-options: SAMEORIGIN 18:02:43.610766 http.c:860 <= Recv header, 0000000033 bytes (0x00000021) 18:02:43.610779 http.c:872 <= Recv header: x-xss-protection: 1; mode=block 18:02:43.610792 http.c:860 <= Recv header, 0000000033 bytes (0x00000021) 18:02:43.610804 http.c:872 <= Recv header: x-content-type-options: nosniff 18:02:43.610818 http.c:860 <= Recv header, 0000000030 bytes (0x0000001e) 18:02:43.610831 http.c:872 <= Recv header: referrer-policy: same-origin 18:02:43.610844 http.c:860 <= Recv header, 0000000037 bytes (0x00000025) 18:02:43.610856 http.c:872 <= Recv header: date: Mon, 16 Jun 2025 09:02:43 GMT 18:02:43.610871 http.c:860 <= Recv header, 0000000016 bytes (0x00000010) 18:02:43.610883 http.c:872 <= Recv header: server: Apache 18:02:43.610901 http.c:860 <= Recv header, 0000000107 bytes (0x0000006b) 18:02:43.610933 http.c:872 <= Recv header: www-authenticate: Basic error="invalid_request", error_description="No bearer token found in the request" 18:02:43.610983 http.c:860 <= Recv header, 0000000021 bytes (0x00000015) 18:02:43.610998 http.c:872 <= Recv header: content-length: 381 18:02:43.611013 http.c:860 <= Recv header, 0000000045 bytes (0x0000002d) 18:02:43.611025 http.c:872 <= Recv header: content-type: text/html; charset=iso-8859-1 18:02:43.611041 http.c:860 <= Recv header, 0000000017 bytes (0x00000011) 18:02:43.611053 http.c:872 <= Recv header: apptime: D=1179 18:02:43.611066 http.c:860 <= Recv header, 0000000054 bytes (0x00000036) 18:02:43.611078 http.c:872 <= Recv header: x-fedora-proxyserver: proxy01.iad2.fedoraproject.org 18:02:43.611092 http.c:860 <= Recv header, 0000000049 bytes (0x00000031) 18:02:43.611105 http.c:872 <= Recv header: x-fedora-requestid: aE_dsyu6H3aIvNh8dc_2CQAmyBE 18:02:43.611120 http.c:860 <= Recv header, 0000000002 bytes (0x00000002) 18:02:43.611133 http.c:872 <= Recv header: 18:02:43.611190 http.c:913 == Info: Connection #0 to host src.fedoraproject.org left intact Username for 'https://src.fedoraproject.org': redadmin Password for 'https://redadmin@src.fedoraproject.org': 18:02:55.510537 http.c:913 == Info: Found bundle for host src.fedoraproject.org: 0x563102ce5c00 [can multiplex] 18:02:55.510620 http.c:913 == Info: Re-using existing connection! (#0) with host src.fedoraproject.org 18:02:55.510643 http.c:913 == Info: Connected to src.fedoraproject.org (38.145.60.20) port 443 (#0) 18:02:55.510693 http.c:913 == Info: Server auth using Basic with user 'redadmin' 18:02:55.510751 http.c:913 == Info: Using Stream ID: 3 (easy handle 0x563102cf6250) 18:02:55.510826 http.c:913 == Info: TLSv1.2 (OUT), TLS header, Unknown (23): 18:02:55.510907 http.c:860 => Send header, 0000000360 bytes (0x00000168) 18:02:55.510979 http.c:872 => Send header: GET /forks/redadmin/rpms/opendmarc.git/info/refs?service=git-receive-pack HTTP/2 18:02:55.510988 http.c:872 => Send header: Host: src.fedoraproject.org 18:02:55.511009 http.c:872 => Send header: authorization: Basic <redacted> 18:02:55.511020 http.c:872 => Send header: user-agent: git/2.47.1 18:02:55.511031 http.c:872 => Send header: accept: */* 18:02:55.511043 http.c:872 => Send header: accept-encoding: deflate, gzip, br 18:02:55.511052 http.c:872 => Send header: accept-language: en-US, *;q=0.9 18:02:55.511063 http.c:872 => Send header: pragma: no-cache 18:02:55.511070 http.c:872 => Send header: 18:02:55.763361 http.c:913 == Info: TLSv1.2 (IN), TLS header, Unknown (23): 18:02:55.763481 http.c:860 <= Recv header, 0000000013 bytes (0x0000000d) 18:02:55.763494 http.c:872 <= Recv header: HTTP/2 401 18:02:55.763506 http.c:860 <= Recv header, 0000000073 bytes (0x00000049) 18:02:55.763514 http.c:872 <= Recv header: strict-transport-security: max-age=31536000; includeSubDomains; preload 18:02:55.763534 http.c:860 <= Recv header, 0000000029 bytes (0x0000001d) 18:02:55.763542 http.c:872 <= Recv header: x-frame-options: SAMEORIGIN 18:02:55.763551 http.c:860 <= Recv header, 0000000033 bytes (0x00000021) 18:02:55.763561 http.c:872 <= Recv header: x-xss-protection: 1; mode=block 18:02:55.763568 http.c:860 <= Recv header, 0000000033 bytes (0x00000021) 18:02:55.763575 http.c:872 <= Recv header: x-content-type-options: nosniff 18:02:55.763584 http.c:860 <= Recv header, 0000000030 bytes (0x0000001e) 18:02:55.763591 http.c:872 <= Recv header: referrer-policy: same-origin 18:02:55.763607 http.c:860 <= Recv header, 0000000037 bytes (0x00000025) 18:02:55.763614 http.c:872 <= Recv header: date: Mon, 16 Jun 2025 09:02:55 GMT 18:02:55.763622 http.c:860 <= Recv header, 0000000016 bytes (0x00000010) 18:02:55.763636 http.c:872 <= Recv header: server: Apache 18:02:55.763647 http.c:913 == Info: Authentication problem. Ignoring this. 18:02:55.763664 http.c:860 <= Recv header, 0000000110 bytes (0x0000006e) 18:02:55.763672 http.c:872 <= Recv header: www-authenticate: Basic error="invalid_token", error_description="Reference token could not be introspected" 18:02:55.763728 http.c:860 <= Recv header, 0000000021 bytes (0x00000015) 18:02:55.763735 http.c:872 <= Recv header: content-length: 381 18:02:55.763743 http.c:860 <= Recv header, 0000000045 bytes (0x0000002d) 18:02:55.763751 http.c:872 <= Recv header: content-type: text/html; charset=iso-8859-1 18:02:55.763758 http.c:860 <= Recv header, 0000000018 bytes (0x00000012) 18:02:55.763766 http.c:872 <= Recv header: apptime: D=32443 18:02:55.763772 http.c:860 <= Recv header, 0000000054 bytes (0x00000036) 18:02:55.763780 http.c:872 <= Recv header: x-fedora-proxyserver: proxy01.iad2.fedoraproject.org 18:02:55.763795 http.c:860 <= Recv header, 0000000049 bytes (0x00000031) 18:02:55.763801 http.c:872 <= Recv header: x-fedora-requestid: aE_dvyu6H3aIvNh8dc_2XgAmwgk 18:02:55.763808 http.c:860 <= Recv header, 0000000002 bytes (0x00000002) 18:02:55.763814 http.c:872 <= Recv header: 18:02:55.763855 http.c:913 == Info: Connection #0 to host src.fedoraproject.org left intact fatal: Authentication failed for 'https://src.fedoraproject.org/forks/redadmin/rpms/opendmarc.git/'

Edited a month ago by redadmin

kevin commented a month ago

Hi. This is not expected to work.

For src.fedoraproject.org you need an oauth token, which fedpkg can get you.

See:

https://fedoraproject.org/wiki/Infrastructure/HTTPS-commits

If that doesn't work for some reason, feel free to reopen.

Metadata Update from @kevin:
- Issue close_status updated to: Will Not/Can Not fix
- Issue status updated to: Closed (was: Open)

a month ago

Metadata

Assignee

None

Tags

None

Blocking

None

Depending on

None

Priority

Needs Review

fedora-infrastructure

Source Code

#12600 Authentication failure with Pagure Personal Access Token for git push Closed: Will Not/Can Not fix a month ago by kevin. Opened a month ago by redadmin.

Description

Details:

Metadata

#12600 Authentication failure with Pagure Personal Access Token for git push

Closed: Will Not/Can Not fix a month ago by kevin. Opened a month ago by redadmin.