Gitea: How to fix Authentication Failed, but works when trying again

When using Gitea with the standard configuration, it will often generate an error message like this:

remote: Verify
fatal: Authentication failed for 'https://gitea.mydomain.com/myuser/MyProject.git/'

but when just retrying, it will succeed

Why this error occurs

Gitea authentication is based on OAuth2 tokens. The reason why it fails first-try is that the authentication token is, by default, only valid for 1 hour, and it has expired already.

On the second try, the client will automatically refresh the token, and it will work for one hour.

How to fix it

Instead of using the default token expiration time, you can set it to a longer time, e.g. 24 hours. Consider potential security implications of this.

Edit app.ini and set the following:

[oauth2]
ACCESS_TOKEN_EXPIRATION_TIME = 86400

then, restart Gitea. New tokens will now be valid for 24 hours. You can also set it to a longer timeframe, but 24 hours is often a good compromise between usability and security. In case you want to use a longer timeframe, set ACCESS_TOKEN_EXPIRATION_TIME to the number of seconds you want the token to be valid, or N*3600 where N is the number of hours.

If this post helped you, please consider buying me a coffee or donating via PayPal to support research & publishing of new posts on TechOverflow

Buy me a coffee