locked
Using PAT for git clone RRS feed

  • Question

  • Hi,

    I want to use personal access tokens (PAT) as authentication method for a git repo but get a an error:

    fatal: Authentication failed for 'https://PAT@<TFSSERVER>/<COLLECTION>/<PROJECT>/_git/<REPONAME>/'
    I run this command as another user (userB).

    "userB" has no permissions on the git repo.
    The PAT is from "userA" with all privilegs

    The command works fine if I run the command as "userA".
    "userA" has full permissions on the git repo.
    I'm not sure if the PAT is used by executing the command or the credentials from "userA" are passed through.

    The command works also fine if I run the command as "userB" and use "userA:<PASSWORD>" instead of PAT.

    My environment:
    Team Foundation Server 2017.2 (Version 15.117.26714.0)
    IIS authentication: Anonymous and Windows Authentication enabled, Basic Authentication disabled/not installed
    Git for Windows with Credential Manager

    Cheers

    Sven




    • Edited by Sven.Martin Thursday, November 16, 2017 1:29 PM formatted
    Thursday, November 16, 2017 1:08 PM

Answers

  • Hi Sven,

    Thank you for posting here.

    The personal access tokens (PAT) is for the specific user, in your scenario it should be User A.

    That means it only can be used by UserA, If you are running the git clone command with user B, the PAT will not available.

    However, just as you said you can run with User B but specify the User A and its password as the credential.

    Just as John said in this thread : In general, we don't recommend using PATs when using Git for Windows to interact with TFS on-prem. You can do this, with the http.extraheader config variable in git:

    git -c http.extraheader="AUTHORIZATION:bearer {base64-encoded-pat}" clone {url}

    However, that's clearly not ideal. I recommend using either NTLM, or using SSH key authentication for a seamless experience:

    https://www.visualstudio.com/en-us/docs/git/use-ssh-keys-to-authenticate

    Best Regards.


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    • Marked as answer by Sven.Martin Monday, November 27, 2017 2:42 PM
    Sunday, November 26, 2017 7:20 AM