Gitea: How to fix Authentication Failed, but works when trying again

When using Gitea with the standard configuration, it will often generate an error message like this:

MyProject.git

remote: Verify
fatal: Authentication failed for 'https://gitea.mydomain.com/myuser/MyProject.git/'
```plaintext {filename="MyProject.git"}

but when just retrying, it will succeed

## Why this error occurs

Gitea authentication is based on *OAuth2* tokens. The reason why it fails first-try is that the authentication token is, by default, only valid for 1 hour, and it has expired already.

On the second try, the client will automatically refresh the token, and it will work for one hour.

## How to fix it

Instead of using the default token expiration time, you can set it to a longer time, e.g. 24 hours. Consider potential security implications of this.

Edit `app.ini` and set the following:

```ini {filename="app.ini"}
[oauth2]
ACCESS_TOKEN_EXPIRATION_TIME = 86400
```plaintext {filename="app.ini"}

then, restart Gitea. New tokens will now be valid for 24 hours.
You can also set it to a longer timeframe, but 24 hours is often a good compromise between usability and security. In case you want to use a longer timeframe, set `ACCESS_TOKEN_EXPIRATION_TIME` to the number of seconds you want the token to be valid, or `N*3600` where `N` is the number of hours.

remote: Verify
fatal: Authentication failed for 'https://gitea.mydomain.com/myuser/MyProject.git/'
```plaintext {filename="MyProject.git"}

but when just retrying, it will succeed

## Why this error occurs

Gitea authentication is based on *OAuth2* tokens. The reason why it fails first-try is that the authentication token is, by default, only valid for 1 hour, and it has expired already.

On the second try, the client will automatically refresh the token, and it will work for one hour.

## How to fix it

Instead of using the default token expiration time, you can set it to a longer time, e.g. 24 hours. Consider potential security implications of this.

Edit `app.ini` and set the following:

```ini {filename="app.ini"}
[oauth2]
ACCESS_TOKEN_EXPIRATION_TIME = 86400
```plaintext {filename="app.ini"}

then, restart Gitea. New tokens will now be valid for 24 hours.
You can also set it to a longer timeframe, but 24 hours is often a good compromise between usability and security. In case you want to use a longer timeframe, set `ACCESS_TOKEN_EXPIRATION_TIME` to the number of seconds you want the token to be valid, or `N*3600` where `N` is the number of hours.

Check out similar posts by category: Gitea, Git

If this post helped you, please consider buying me a coffee or donating via PayPal to support research & publishing of new posts on TechOverflow

Buy me a coffee