Git "Authentication failed" for HTTPS PAT in CI
The HTTPS credential Git supplied was rejected. The token is missing, expired, revoked, or lacks the scope for this repository, so the remote refuses authentication.
What this error means
A clone, fetch, or push over HTTPS fails with fatal: Authentication failed for the repository URL. It fails the same way every time.
git
remote: Invalid username or password.
fatal: Authentication failed for 'https://github.com/org/repo.git/'Common causes
Missing, expired, or revoked token
The PAT injected into the URL or credential helper is empty, past its expiry, or was rotated.
Insufficient token scope
A classic PAT without repo scope, or a fine-grained token without access to this repository, cannot authenticate for it.
Wrong username field
For an HTTPS token the username should be a placeholder like x-access-token (or the PAT itself), not your account password.
How to fix it
Supply a valid token correctly
- Store the PAT as a secret and inject it as the password with an x-access-token username.
- Confirm the token has not expired.
.github/workflows/ci.yml
git clone https://x-access-token:${{ secrets.GH_PAT }}@github.com/org/repo.gitGrant the right scope
- For classic PATs, enable repo scope.
- For fine-grained PATs, add repository access plus Contents read/write.
How to prevent it
- Use short-lived, least-privilege fine-grained tokens scoped to the exact repos a job needs, and rotate them before expiry. Authentication failures are deterministic, so a retry will not fix bad credentials.
Related guides
Git "Password authentication is no longer supported" in CIFix the GitHub "Support for password authentication was removed" CI error by switching HTTPS Git from an acco…
Git GITHUB_TOKEN "permission to ... denied" on push in CIFix the GitHub Actions "Permission to org/repo.git denied to github-actions[bot]" push error, caused by the d…
Git "could not read Username" with no terminal in CIFix the Git "could not read Username ... No such device or address" error in CI, caused by Git prompting for…