git-credential-manager
git-credential-manager copied to clipboard
git-ecosystem
Azure DevOps - authenticating without user
Version
2.6.1+786ab03440ddc82e807a97c0e540f5247e44cec6
Operating system
Windows
OS version or distribution
Windows 11 24H2 10.0.26100 N/A Build 26100
Git hosting provider(s)
Azure DevOps
Other hosting provider
No response
(Azure DevOps only) What format is your remote URL?
https://dev.azure.com/{org}
Can you access the remote repository directly in the browser?
Yes, I can access the repository
Expected behavior
First time I expect that GCM pops up with an authentication window. Second time it should use the dpapi cache.
Actual behavior
First time it immediately fails with fatal: Authentication failed for 'https://dev.azure.com/myorgname/myprojectname/_git/myreponame/'.
Cloning with https://[email protected]/myorgname/myprojectname/_git/myreponame does trigger the authentication dialog and cloning runs fine.
When I run clone again without a username, the dpapi bits removes the cache file and the dpapi folder for this org is left completely empty.
Logs
22:26:51.912745 ...\Application.cs:106 trace: [RunInternalAsync] Version: 2.6.1.0
22:26:51.912745 ...\Application.cs:107 trace: [RunInternalAsync] Runtime: .NET Framework 4.8.9290.0
22:26:51.913748 ...\Application.cs:108 trace: [RunInternalAsync] Platform: Windows (x86-64)
22:26:51.913748 ...\Application.cs:109 trace: [RunInternalAsync] OSVersion: 10.0 (build 26100)
22:26:51.913748 ...\Application.cs:110 trace: [RunInternalAsync] AppPath: C:\Program Files\Git\mingw64\bin\git-credential-manager.exe
22:26:51.913748 ...\Application.cs:111 trace: [RunInternalAsync] InstallDir: C:\Program Files\Git\mingw64\bin\
22:26:51.914745 ...\Application.cs:112 trace: [RunInternalAsync] Arguments: erase
22:26:51.949746 ...GitCommandBase.cs:32 trace: [ExecuteAsync] Start 'erase' command...
22:26:52.007272 ...GitCommandBase.cs:46 trace: [ExecuteAsync] Detecting host provider for input:
22:26:52.009257 ...GitCommandBase.cs:47 trace: [ExecuteAsync] protocol=https
22:26:52.009257 ...GitCommandBase.cs:47 trace: [ExecuteAsync] host=dev.azure.com
22:26:52.009257 ...GitCommandBase.cs:47 trace: [ExecuteAsync] path=myorg/myproject/_git/myrepo
22:26:52.009257 ...GitCommandBase.cs:47 trace: [ExecuteAsync] username=test
22:26:52.010258 ...GitCommandBase.cs:47 trace: [ExecuteAsync] password=********
22:26:52.010258 ...GitCommandBase.cs:47 trace: [ExecuteAsync] wwwauth=Basic realm="https://tfsprodweu5.visualstudio.com/"
22:26:52.013256 ...viderRegistry.cs:149 trace: [GetProviderAsync] Performing auto-detection of host provider.
22:26:52.014256 ...viderRegistry.cs:162 trace: [GetProviderAsync] Auto-detect probe timeout is 2 ms.
22:26:52.015274 ...viderRegistry.cs:170 trace: [GetProviderAsync] Checking against 4 host providers registered with priority 'Normal'.
22:26:52.016256 ...GitCommandBase.cs:49 trace: [ExecuteAsync] Host provider 'Azure Repos' was selected.
22:26:52.019275 ...sHostProvider.cs:180 trace: [EraseCredentialAsync] Erasing stored credential in store with service=https://dev.azure.com/myorg account=...
22:26:52.022273 ...sHostProvider.cs:188 trace: [EraseCredentialAsync] No credential was erased.
22:26:52.022273 ...GitCommandBase.cs:53 trace: [ExecuteAsync] End 'erase' command...```
why is it authenticating with this test user?
Hey @cveld, it would really help us if you could run git credential-manager diagnose and put the output file here. It contains private information so please, remove that before pasting the file here.
It allows us to expect the context more and find the root cause easier.
Thanks
@cveld I’m going to close this issue. You’re welcome to reopen it at any time. Before reopening, could you please share the requested logs as mentioned earlier? That will help us investigate the issue more effectively.
@ridgunn
Maybe it has something to do with the many tenants I connect with? Is gcm only capable of cloning from Azure DevOps orgs that are connected with the primary tenant? No, that can't be the case. I was able to clone from orgs where I am guest. There is no az cli integration with gcm right? Gcm does the auth flow all by itself.
Unfortunately I don't have permissions to reopen the issue.
Is there some secure way I can share the log with you? What you expect to learn from the log? Everything is green:
Running diagnostics...
[ OK ] Environment
[ OK ] File system
[ OK ] Networking
[ OK ] Git
[ OK ] Credential storage
[ OK ] Microsoft authentication (AAD/MSA)
[ OK ] GitHub API
Diagnostic summary: 7 passed, 0 skipped, 0 failed.
Here the filtered log file (if there is still some sensitive value, please let me know):
Diagnose log at 2025-12-18T08:00:47Z
AppPath: C:\Program Files\Git\mingw64\bin\git-credential-manager.exe
InstallDir: C:\Program Files\Git\mingw64\bin\
Version: 2.6.1+786ab03440ddc82e807a97c0e540f5247e44cec6
------------
Diagnostic: Environment
Skipped: False
Success: True
Exception: None
Log:
OSType: Windows
OSVersion: 10.0 (build 26100)
Reading environment variables... OK
Variables:
POSH_SHELL=pwsh
PUBLIC=C:\Users\Public
TF_CLI_CONFIG_FILE=C:\Users\CarlintVeld\.terraformrc
AZURE_CONFIG_DIR=C:\Users\CarlintVeld/.azsomecustomer
AZURE_METERING_INFRA_CLIENT_ID=<redacted>
ALLUSERSPROFILE=C:\ProgramData
LOGONSERVER=\\CN-CVXXKL3
LOCALAPPDATA=C:\Users\CarlintVeld\AppData\Local
VSCODE_STABLE=1
ProgramData=C:\ProgramData
AzureRmSubscriptionName=somecustomer-Sandbox-001
AZ_INSTALLER=MSI
TMPDIR=C:\Users\CARLIN~1\AppData\Local\Temp
POSH_SESSION_ID=02385640-6823-4323-a61c-331dfb1d1937
GCM_INTERACTIVE=always
BUNDLED_DEBUGPY_PATH=c:\Users\CarlintVeld\.vscode\extensions\ms-python.debugpy-2025.16.0-win32-x64\bundled\libs\debugpy
AZURE_METERING_INFRA_CAPTURE_FILENAME_FORMAT={Namespace}/{EventHub}/p{PartitionId}--{Year}-{Month}-{Day}--{Hour}-{Minute}-{Second}
ProgramW6432=C:\Program Files
git_trace=0
ZES_ENABLE_SYSMAN=1
PYTHONSTARTUP=c:\Users\CarlintVeld\AppData\Roaming\Code\User\workspaceStorage\717704c27cea59aa63fe51d2025c3ab3\ms-python.python\pythonrc.py
GIT_EXEC_PATH=C:/Program Files/Git/mingw64/libexec/git-core
VSCODE_DEBUGPY_ADAPTER_ENDPOINTS=c:\Users\CarlintVeld\.vscode\extensions\ms-python.debugpy-2025.16.0-win32-x64\.noConfigDebugAdapterEndpoints\endpoint-ad56376c72eb6521.txt
POSH_CURSOR_LINE=21
SystemDrive=C:
MSYSTEM=MINGW64
GCM_TRACE=0
POSH_THEMES_PATH=C:\Users\CarlintVeld\AppData\Local\Programs\oh-my-posh\themes
OS=Windows_NT
PROCESSOR_ARCHITECTURE=x86
POWERLINE_COMMAND=oh-my-posh
TG_DOWNLOAD_DIR=C:\Temp\terragrunt
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC;.RB;.RBW;.CPL
VSCODE_GIT_ASKPASS_MAIN=c:\Users\CarlintVeld\AppData\Local\Programs\Microsoft VS Code\resources\app\extensions\git\dist\askpass-main.js
PYDEVD_DISABLE_FILE_VALIDATION=1
IGCCSVC_DB=<redacted>
CommonProgramW6432=C:\Program Files\Common Files
ProgramFiles(x86)=C:\Program Files (x86)
VSCODE_GIT_ASKPASS_EXTRA_ARGS=
USERPROFILE=C:\Users\CarlintVeld
AZURE_METERING_INFRA_TENANT_ID=<redacted>
GOPATH=C:\Users\CarlintVeld\go
POSH_AZURE_SUBSCRIPTION=<redacted>
USERNAME=CarlintVeld
NVM_HOME=C:\Users\CarlintVeld\AppData\Roaming\nvm
AZURE_METERING_INFRA_CHECKPOINTS_CONTAINER=<redacted>
JABRA_NATIVE_BLUETOOTH=true
AZURE_METERING_MARKETPLACE_TENANT_ID=<redacted>
GIT_ASKPASS=c:\Users\CarlintVeld\AppData\Local\Programs\Microsoft VS Code\resources\app\extensions\git\dist\askpass.sh
CommonProgramFiles=C:\Program Files (x86)\Common Files
VSCODE_INJECTION=1
PYTHON_BASIC_REPL=1
TERM=xterm-256color
LANG=en_US.UTF-8
ProgramFiles=C:\Program Files (x86)
OneDrive=C:\Users\CarlintVeld\OneDrive - CloudNation
PSModulePath=C:\Users\CarlintVeld\OneDrive - CloudNation\Documents\PowerShell\Modules;C:\Program Files\PowerShell\Modules;c:\program files\powershell\7\Modules;C:\Program Files\WindowsPowerShell\Modules;C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules;c:\Users\CarlintVeld\.vscode\extensions\ms-vscode.powershell-2025.4.0\modules
OneDriveCommercial=C:\Users\CarlintVeld\OneDrive - CloudNation
ChocolateyInstall=C:\ProgramData\chocolatey
AZURE_METERING_MARKETPLACE_CLIENT_ID=<redacted>
FPS_BROWSER_APP_PROFILE_STRING=Internet Explorer
VSCODE_GIT_IPC_HANDLE=\\.\pipe\vscode-git-610c3c975b-sock
AZURE_METERING_INFRA_EVENTHUB_NAMESPACENAME=spqtqumrsyflcn2
CONDA_PROMPT_MODIFIER=False
CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files
AZURE_METERING_MARKETPLACE_CLIENT_SECRET=<redacted>
FPS_BROWSER_USER_PROFILE_STRING=Default
SystemRoot=C:\WINDOWS
ComSpec=C:\WINDOWS\system32\cmd.exe
ChocolateyLastPathUpdate=133010049736631578
POSH_CURSOR_COLUMN=1
PROCESSOR_LEVEL=6
NVM_SYMLINK=C:\nvm4w\nodejs
HOMEDRIVE=C:
OneDriveConsumer=C:\data\PersonalOneDrive\OneDrive
AZURE_METERING_MAX_DURATION_BETWEEN_SNAPSHOTS=00:05:00
AZURE_METERING_INFRA_CAPTURE_CONTAINER=<redacted>
USERDOMAIN_ROAMINGPROFILE=AzureAD
GIT_TRACE2_PARENT_SID=6162864e-a753-4a63-a738-4db26b3a6638
PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 154 Stepping 3, GenuineIntel
OculusBase=C:\Program Files\Oculus\
Path=C:/Program Files/Git/mingw64/libexec/git-core;C:\Program Files\Git\mingw64\bin;C:\Program Files\Git\usr\bin;C:\Users\CarlintVeld\bin;C:\Program Files\PowerShell\7;c:\Users\CarlintVeld\AppData\Roaming\Code\User\globalStorage\github.copilot-chat\debugCommand;c:\Users\CarlintVeld\AppData\Roaming\Code\User\globalStorage\github.copilot-chat\copilotCli;C:\Program Files\Microsoft SDKs\Azure\CLI2\wbin;C:\Program Files\Eclipse Adoptium\jre-21.0.6.7-hotspot\bin;C:\Program Files\Microsoft\jdk-11.0.16.101-hotspot\bin;C:\Program Files\Oculus\Support\oculus-runtime;C:\Users\CarlintVeld\.azure-kubelogin;C:\Users\CarlintVeld\.azure-kubectl;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\WindowsPowerShell\Scripts;C:\Program Files\Microsoft SQL Server\Client SDK\ODBC\170\Tools\Binn\;C:\Program Files\Microsoft SQL Server\150\Tools\Binn\;C:\Program Files (x86)\gsudo\;C:\ProgramData\chocolatey\bin;C:\Program Files\Graphviz\bin;C:\ProgramData\chocolatey\lib\pulumi\tools\Pulumi\bin;C:\Users\CarlintVeld\AppData\Roaming\nvm;C:\Program Files\nodejs;C:\Program Files\GitHub CLI\;C:\Program Files (x86)\Microsoft SQL Server\150\DTS\Binn\;C:\Program Files\Azure Data Studio\bin;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files\WireGuard\;C:\Users\CarlintVeld\.krew\bin;C:\Program Files (x86)\GnuWin32\bin;C:\Program Files (x86)\Microsoft SQL Server\160\DTS\Binn\;C:\Program Files\Vagrant\bin;C:\Program Files\usbipd-win\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files\Microsoft\Azure Functions Core Tools\;C:\Users\CarlintVeld\AppData\Roaming\nvm;C:\nvm4w\nodejs;C:\Program Files\Docker\Docker\resources\bin;C:\Program Files\Git\cmd;C:\Program Files\Microsoft SQL Server\170\Tools\Binn\;C:\Program Files\Go\bin;C:\Program Files\PowerShell\7\;C:\Program Files\Tailscale\;C:\Program Files (x86)\Windows Kits\10\Windows Performance Toolkit\;C:\Program Files\dotnet\;C:\Users\CarlintVeld\AppData\Local\Programs\Python\Launcher\;C:\Users\CarlintVeld\AppData\Local\Programs\Python\Python310\Scripts\;C:\Users\CarlintVeld\AppData\Local\Programs\Python\Python310\;C:\Ruby32-x64\bin;C:\Users\CarlintVeld\.azure-kubelogin;C:\Users\CarlintVeld\.azure-kubectl;C:\Users\CarlintVeld\AppData\Local\Microsoft\WindowsApps;C:\Users\CarlintVeld\.dotnet\tools;C:\Users\CarlintVeld\AppData\Local\GitHubDesktop\bin;C:\Users\CarlintVeld\AppData\Local\Programs\oh-my-posh\bin;c:\dapr;C:\Users\CarlintVeld\.dapr\bin;C:\Users\CarlintVeld\AppData\Roaming\nvm;C:\Program Files\nodejs;C:\Program Files\Azure Data Studio\bin;C:\WINDOWS\system32\config\systemprofile\.dotnet\tools;C:\Users\CarlintVeld\AppData\Local\Microsoft\WinGet\Links;C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\WindowsApps;C:\Program Files\aztfy\;C:\WINDOWS\system32\config\systemprofile\go\bin;C:\Users\CarlintVeld\AppData\Local\Programs\Ollama;C:\Users\CarlintVeld\AppData\Local\Programs\Microsoft VS Code\bin;C:\Users\CarlintVeld\AppData\Local\radius;C:\Program Files\Lens\resources\cli\bin;C:\Users\CarlintVeld\AppData\Local\Programs\Azure Dev CLI\;C:\Users\CarlintVeld\AppData\Local\Microsoft\WindowsApps;C:\Users\CarlintVeld\.dotnet\tools;C:\Users\CarlintVeld\AppData\Local\Programs\cursor\resources\app\bin;C:\Users\CarlintVeld\AppData\Local\Programs\OpenTofu;C:\Users\CarlintVeld\.dotnet\tools;C:\Users\CarlintVeld\AppData\Local\Programs\Fiddler;C:\Users\CarlintVeld\AppData\Roaming\nvm;C:\nvm4w\nodejs;C:\Users\CarlintVeld\.dotnet\tools;C:\Users\CarlintVeld\AppData\Local\Programs\Bicep CLI;C:\Users\CarlintVeld\go\bin;C:\Users\CarlintVeld\AppData\Local\Programs\Microsoft VS Code Insiders\bin;c:\Users\CarlintVeld\.vscode\extensions\ms-python.debugpy-2025.16.0-win32-x64\bundled\scripts\noConfigScripts
windir=C:\WINDOWS
SESSIONNAME=Console
TMP=C:\Users\CARLIN~1\AppData\Local\Temp
COMPUTERNAME=CN-CVXXKL3
TG_TF_PATH=C:\Users\CarlintVeld\AppData\Local\Microsoft\WinGet\Links\terraform.exe
TERM_PROGRAM_VERSION=1.107.0
APPDATA=C:\Users\CarlintVeld\AppData\Roaming
PROCESSOR_REVISION=9a03
VSCODE_NONCE=c633620b-d9ea-43de-90b2-f8b5a422a31b
AZURE_METERING_MAX_NUMBER_OF_EVENTS_BETWEEN_SNAPSHOTS=10
USERDOMAIN=AzureAD
NUMBER_OF_PROCESSORS=20
POSH_THEME=C:\data\PersonalOneDrive\OneDrive\src\OhMyPosh\config.ohmyposh.json
CHROME_CRASHPAD_PIPE_NAME=\\.\pipe\crashpad_6844_GOYBQQPJSPBVOAVW
AZURE_METERING_INFRA_SNAPSHOTS_CONTAINER=<redacted>
POSH_AZURE_ENABLED=True
AZURE_IDENTITY_DISABLE_WAM=1
POWERSHELL_DISTRIBUTION_CHANNEL=PSES
DriverData=C:\Windows\System32\Drivers\DriverData
PLINK_PROTOCOL=ssh
AZURE_METERING_INFRA_CLIENT_SECRET=<redacted>
HOMEPATH=\Users\CarlintVeld
POSH_INSTALLER=winget
LIBJABRA_TRACE_LEVEL=INFO
PSExecutionPolicyPreference=Bypass
COLORTERM=truecolor
HOME=C:\Users\CarlintVeld
PROCESSOR_ARCHITEW6432=AMD64
TEMP=C:\Users\CARLIN~1\AppData\Local\Temp
AZURE_METERING_INFRA_EVENTHUB_INSTANCENAME=metering
POSH_SHELL_VERSION=7.5.4
TERM_PROGRAM=vscode
EFC_16936_1592913036=1
VSCODE_GIT_ASKPASS_NODE=C:\Users\CarlintVeld\AppData\Local\Programs\Microsoft VS Code\Code.exe
------------
Diagnostic: File system
Skipped: False
Success: True
Exception: None
Log:
Temporary directory is 'C:\Users\CarlintVeld\AppData\Local\Temp\'...
Checking basic file I/O...
Writing to temporary file 'C:\Users\CarlintVeld\AppData\Local\Temp\b5b34512a9072e17820c3888'... OK
Reading from temporary file 'C:\Users\CarlintVeld\AppData\Local\Temp\b5b34512a9072e17820c3888'... OK
Deleting temporary file 'C:\Users\CarlintVeld\AppData\Local\Temp\b5b34512a9072e17820c3888'... OK
Testing IFileSystem instance...
UserHomePath: C:\Users\CarlintVeld
UserDataDirectoryPath: C:\Users\CarlintVeld\.gcm
GetCurrentDirectory(): C:\work\git\somecustomer\somecustomerAzurePlatform
------------
Diagnostic: Networking
Skipped: False
Success: True
Exception: None
Log:
Checking networking and HTTP stack...
Creating HTTP client... OK
IsNetworkAvailable: True
Sending HEAD request to http://example.com...Sending HEAD request to https://example.com... OK
OK
Acquiring free TCP port... OK
Testing local HTTP loopback connections...
Creating new HTTP listener for http://localhost:58790/... OK
Waiting for loopback connection... OK
Writing response... OK
Waiting for response data... OK
Loopback connection data OK
------------
Diagnostic: Git
Skipped: False
Success: True
Exception: None
Log:
Getting Git version... OK
Git version is '2.51.0.windows.1'
Locating current repository...Not inside a Git repository.
OK
Listing all Git configuration... OK
Git configuration:
file:C:/Program Files/Git/etc/gitconfig diff.astextplain.textconv=astextplain
file:C:/Program Files/Git/etc/gitconfig filter.lfs.clean=git-lfs clean -- %f
file:C:/Program Files/Git/etc/gitconfig filter.lfs.smudge=git-lfs smudge -- %f
file:C:/Program Files/Git/etc/gitconfig filter.lfs.process=git-lfs filter-process
file:C:/Program Files/Git/etc/gitconfig filter.lfs.required=true
file:C:/Program Files/Git/etc/gitconfig http.sslbackend=schannel
file:C:/Program Files/Git/etc/gitconfig core.autocrlf=true
file:C:/Program Files/Git/etc/gitconfig core.fscache=true
file:C:/Program Files/Git/etc/gitconfig core.symlinks=true
file:C:/Program Files/Git/etc/gitconfig pull.rebase=false
file:C:/Program Files/Git/etc/gitconfig credential.https://dev.azure.com.usehttppath=true
file:C:/Program Files/Git/etc/gitconfig init.defaultbranch=master
file:C:/Users/CarlintVeld/.gitconfig core.editor="C:\Users\CarlintVeld\AppData\Local\Programs\Microsoft VS Code\bin\code" --wait
file:C:/Users/CarlintVeld/.gitconfig core.longpaths=true
file:C:/Users/CarlintVeld/.gitconfig [email protected]
file:C:/Users/CarlintVeld/.gitconfig user.name=Carl in 't Veld
file:C:/Users/CarlintVeld/.gitconfig filter.lfs.clean=git-lfs clean -- %f
file:C:/Users/CarlintVeld/.gitconfig filter.lfs.smudge=git-lfs smudge -- %f
file:C:/Users/CarlintVeld/.gitconfig filter.lfs.process=git-lfs filter-process
file:C:/Users/CarlintVeld/.gitconfig filter.lfs.required=true
file:C:/Users/CarlintVeld/.gitconfig credential.credentialstore=dpapi
file:C:/Users/CarlintVeld/.gitconfig credential.helper=C:/Program\ Files/Git/mingw64/bin/git-credential-manager.exe
file:C:/Users/CarlintVeld/.gitconfig credential.writelog=true
file:C:/Users/CarlintVeld/.gitconfig credential.https://buildserver.247tailorsteel.com.provider=generic
file:C:/Users/CarlintVeld/.gitconfig init.defaultbranch=main
file:C:/Users/CarlintVeld/.gitconfig credential.https://tfs.circlesoftware.nl.provider=generic
file:C:/Users/CarlintVeld/.gitconfig safe.directory=C:/work/git/somecustomer/somecustomerInfraScripts/main-infrascripts
file:C:/Users/CarlintVeld/.gitconfig safe.directory=C:/work/git/somecustomer2/someproject/main-chatapp-tf
file:C:/Users/CarlintVeld/.gitconfig url.https://test:[email protected]=https://dev.azure.com
file:C:/Users/CarlintVeld/.gitconfig url.azure-devops-somecustomer:v3/somecustomer/somecustomerCloudInfrastructure/somecustomerTerraformModules.insteadof=https://dev.azure.com/somecustomer/somecustomerCloudInfrastructure/_git/somecustomerTerraformModules
file:C:/Users/CarlintVeld/.gitconfig url.azure-devops-somecustomer:v3/somecustomer/somecustomerCloudInfrastructure/somecustomerTerraformSharedServices.insteadof=https://dev.azure.com/somecustomer/somecustomerCloudInfrastructure/_git/somecustomerTerraformSharedServices
------------
Diagnostic: Credential storage
Skipped: False
Success: True
Exception: None
Log:
ICredentialStore instance is of type: CredentialStore
Writing test credential... OK
Reading test credential... OK
Deleting test credential... OK
------------
Diagnostic: Microsoft authentication (AAD/MSA)
Skipped: False
Success: True
Exception: None
Log:
Broker is not enabled.
Flow type is: Auto
Gathering MSAL token cache data... OK
CacheDirectory: C:\Users\CarlintVeld\AppData\Local\.IdentityService
CacheFileName: msal.cache
CacheFilePath: C:\Users\CarlintVeld\AppData\Local\.IdentityService\msal.cache
Creating cache helper... OK
Verifying MSAL token cache persistence... OK
------------
Diagnostic: GitHub API
Skipped: False
Success: True
Exception: None
Log:
Using 'https://github.com/' as API target.
Querying '/meta' endpoint... OK
Hello @cveld,
First time it immediately fails with fatal: Authentication failed for 'https://dev.azure.com/myorgname/myprojectname/_git/myreponame/'.
Could you please try running your Git command again with GCM_TRACE=1 enabled? This will provide detailed logs for troubleshooting.
There is no az cli integration with gcm right? Gcm does the auth flow all by itself.
What kind of integration do you need between az cli and gcm? You can check possible integration Web Account Manager Integration
Is there some secure way I can share the log with you?
Unfortunately, there’s no direct way to share the log other than posting it as a GitHub comment. Before doing so, I recommend removing any sensitive details such as user names, organization names, or other private information from the log.
What you expect to learn from the log? Everything is green:
Are these logs produced during failed authentication? If no, please reproduce and don't forget to set GCM_TRACE=1 before your git command
Hey @cveld looking at the git credential-manager diagnose I can see that you that you should have the credential.manager=helper in your config.
Try running the git config --global credential.manager helper and try again.
I do not really understand what is your issue but this is how GCM should be properly setup.
I removed git and gcm and reinstalled git for windows with:
winget install --id Git.Git -e --source winget
git config --global credential.manager helper
Log without user, i.e. git clone https://dev.azure.com/myorg/myproj/_git/myrepo
Cloning into 'repo'...
21:10:59.334094 ...\Application.cs:106 trace: [RunInternalAsync] Version: 2.6.1.0
21:10:59.334094 ...\Application.cs:107 trace: [RunInternalAsync] Runtime: .NET Framework 4.8.9310.0
21:10:59.334094 ...\Application.cs:108 trace: [RunInternalAsync] Platform: Windows (x86-64)
21:10:59.334094 ...\Application.cs:109 trace: [RunInternalAsync] OSVersion: 10.0 (build 26100)
21:10:59.334094 ...\Application.cs:110 trace: [RunInternalAsync] AppPath: C:\Program Files\Git\mingw64\bin\git-credential-manager.exe
21:10:59.335025 ...\Application.cs:111 trace: [RunInternalAsync] InstallDir: C:\Program Files\Git\mingw64\bin\
21:10:59.335025 ...\Application.cs:112 trace: [RunInternalAsync] Arguments: erase
21:10:59.366608 ...GitCommandBase.cs:32 trace: [ExecuteAsync] Start 'erase' command...
21:10:59.380757 ...GitCommandBase.cs:46 trace: [ExecuteAsync] Detecting host provider for input:
21:10:59.381824 ...GitCommandBase.cs:47 trace: [ExecuteAsync] protocol=https
21:10:59.381824 ...GitCommandBase.cs:47 trace: [ExecuteAsync] host=dev.azure.com
21:10:59.381824 ...GitCommandBase.cs:47 trace: [ExecuteAsync] path=myorg/myproj/_git/myrepo
21:10:59.381824 ...GitCommandBase.cs:47 trace: [ExecuteAsync] username=test
21:10:59.381824 ...GitCommandBase.cs:47 trace: [ExecuteAsync] password=********
21:10:59.381824 ...GitCommandBase.cs:47 trace: [ExecuteAsync] wwwauth=Basic realm="https://tfsprodweu5.visualstudio.com/"
21:10:59.384793 ...viderRegistry.cs:149 trace: [GetProviderAsync] Performing auto-detection of host provider.
21:10:59.384793 ...viderRegistry.cs:162 trace: [GetProviderAsync] Auto-detect probe timeout is 2 ms.
21:10:59.385981 ...viderRegistry.cs:170 trace: [GetProviderAsync] Checking against 4 host providers registered with priority 'Normal'.
21:10:59.386554 ...GitCommandBase.cs:49 trace: [ExecuteAsync] Host provider 'Azure Repos' was selected.
21:10:59.388798 ...sHostProvider.cs:180 trace: [EraseCredentialAsync] Erasing stored credential in store with service=https://dev.azure.com/myorg account=...
21:10:59.391104 ...sHostProvider.cs:188 trace: [EraseCredentialAsync] No credential was erased.
21:10:59.391104 ...GitCommandBase.cs:53 trace: [ExecuteAsync] End 'erase' command...
21:10:59.567333 ...\Application.cs:106 trace: [RunInternalAsync] Version: 2.6.1.0
21:10:59.567333 ...\Application.cs:107 trace: [RunInternalAsync] Runtime: .NET Framework 4.8.9310.0
21:10:59.567333 ...\Application.cs:108 trace: [RunInternalAsync] Platform: Windows (x86-64)
21:10:59.567333 ...\Application.cs:109 trace: [RunInternalAsync] OSVersion: 10.0 (build 26100)
21:10:59.567333 ...\Application.cs:110 trace: [RunInternalAsync] AppPath: C:\Program Files\Git\mingw64\bin\git-credential-manager.exe
21:10:59.567333 ...\Application.cs:111 trace: [RunInternalAsync] InstallDir: C:\Program Files\Git\mingw64\bin\
21:10:59.567333 ...\Application.cs:112 trace: [RunInternalAsync] Arguments: erase
21:10:59.605184 ...GitCommandBase.cs:32 trace: [ExecuteAsync] Start 'erase' command...
21:10:59.620558 ...GitCommandBase.cs:46 trace: [ExecuteAsync] Detecting host provider for input:
21:10:59.622128 ...GitCommandBase.cs:47 trace: [ExecuteAsync] protocol=https
21:10:59.622128 ...GitCommandBase.cs:47 trace: [ExecuteAsync] host=dev.azure.com
21:10:59.622128 ...GitCommandBase.cs:47 trace: [ExecuteAsync] path=myorg/myproj/_git/myrepo
21:10:59.622128 ...GitCommandBase.cs:47 trace: [ExecuteAsync] username=test
21:10:59.622128 ...GitCommandBase.cs:47 trace: [ExecuteAsync] password=********
21:10:59.622128 ...GitCommandBase.cs:47 trace: [ExecuteAsync] wwwauth=Basic realm="https://tfsprodweu5.visualstudio.com/"
21:10:59.625185 ...viderRegistry.cs:149 trace: [GetProviderAsync] Performing auto-detection of host provider.
21:10:59.625185 ...viderRegistry.cs:162 trace: [GetProviderAsync] Auto-detect probe timeout is 2 ms.
21:10:59.626134 ...viderRegistry.cs:170 trace: [GetProviderAsync] Checking against 4 host providers registered with priority 'Normal'.
21:10:59.627366 ...GitCommandBase.cs:49 trace: [ExecuteAsync] Host provider 'Azure Repos' was selected.
21:10:59.630376 ...sHostProvider.cs:180 trace: [EraseCredentialAsync] Erasing stored credential in store with service=https://dev.azure.com/myorg account=...
21:10:59.633636 ...sHostProvider.cs:188 trace: [EraseCredentialAsync] No credential was erased.
21:10:59.633636 ...GitCommandBase.cs:53 trace: [ExecuteAsync] End 'erase' command...
fatal: Authentication failed for 'https://dev.azure.com/myorg/myproj/_git/myrepo/'
Log with user, i.e. git clone https://[email protected]/myorg/myproj/_git/myrepo (user value doesn't matter, can be any value. I literally used test)
Cloning into 'repo'...
21:11:36.551169 ...\Application.cs:106 trace: [RunInternalAsync] Version: 2.6.1.0
21:11:36.552189 ...\Application.cs:107 trace: [RunInternalAsync] Runtime: .NET Framework 4.8.9310.0
21:11:36.552189 ...\Application.cs:108 trace: [RunInternalAsync] Platform: Windows (x86-64)
21:11:36.552189 ...\Application.cs:109 trace: [RunInternalAsync] OSVersion: 10.0 (build 26100)
21:11:36.552189 ...\Application.cs:110 trace: [RunInternalAsync] AppPath: C:\Program Files\Git\mingw64\bin\git-credential-manager.exe
21:11:36.552189 ...\Application.cs:111 trace: [RunInternalAsync] InstallDir: C:\Program Files\Git\mingw64\bin\
21:11:36.552189 ...\Application.cs:112 trace: [RunInternalAsync] Arguments: get
21:11:36.587335 ...GitCommandBase.cs:32 trace: [ExecuteAsync] Start 'get' command...
21:11:36.603395 ...GitCommandBase.cs:46 trace: [ExecuteAsync] Detecting host provider for input:
21:11:36.604395 ...GitCommandBase.cs:47 trace: [ExecuteAsync] capability[]=authtype
21:11:36.604395 ...GitCommandBase.cs:47 trace: [ExecuteAsync] capability[]=state
21:11:36.604395 ...GitCommandBase.cs:47 trace: [ExecuteAsync] protocol=https
21:11:36.604395 ...GitCommandBase.cs:47 trace: [ExecuteAsync] host=dev.azure.com
21:11:36.604395 ...GitCommandBase.cs:47 trace: [ExecuteAsync] path=myorg/myproj/_git/myrepo
21:11:36.604395 ...GitCommandBase.cs:47 trace: [ExecuteAsync] username=test
21:11:36.604395 ...GitCommandBase.cs:47 trace: [ExecuteAsync] wwwauth=Basic realm="https://tfsprodweu5.visualstudio.com/"
21:11:36.607384 ...viderRegistry.cs:149 trace: [GetProviderAsync] Performing auto-detection of host provider.
21:11:36.608384 ...viderRegistry.cs:162 trace: [GetProviderAsync] Auto-detect probe timeout is 2 ms.
21:11:36.609385 ...viderRegistry.cs:170 trace: [GetProviderAsync] Checking against 4 host providers registered with priority 'Normal'.
21:11:36.609385 ...GitCommandBase.cs:49 trace: [ExecuteAsync] Host provider 'Azure Repos' was selected.
21:11:36.614503 ...osHostProvider.cs:99 trace: [GetCredentialAsync] Looking for existing credential in store with service=https://dev.azure.com/myorg account=...
21:11:36.617513 ...sHostProvider.cs:104 trace: [GetCredentialAsync] No existing credentials found.
21:11:36.617513 ...sHostProvider.cs:107 trace: [GetCredentialAsync] Creating new credential...
21:11:36.619887 ...sHostProvider.cs:232 trace: [GeneratePersonalAccessTokenAsync] Determining Microsoft Authentication Authority...
21:11:36.623411 ...eDevOpsRestApi.cs:43 trace: [GetAuthorityAsync] HTTP: HEAD https://dev.azure.com/myorg
21:11:36.627419 ...pClientFactory.cs:60 trace: [CreateClient] Creating new HTTP client instance...
21:11:36.659272 ...pClientFactory.cs:80 trace: [CreateClient] Git's SSL/TLS backend is: Schannel
21:11:37.835004 ...eDevOpsRestApi.cs:46 trace: [GetAuthorityAsync] HTTP: Response code ignored.
21:11:37.835004 ...eDevOpsRestApi.cs:47 trace: [GetAuthorityAsync] Inspecting headers...
21:11:37.836997 ...eDevOpsRestApi.cs:54 trace: [GetAuthorityAsync] Found WWW-Authenticate header with Bearer authority 'https://login.microsoftonline.com/mytenant'.
21:11:37.836997 ...sHostProvider.cs:234 trace: [GeneratePersonalAccessTokenAsync] Authority is 'https://login.microsoftonline.com/mytenant'.
21:11:37.836997 ...sHostProvider.cs:237 trace: [GeneratePersonalAccessTokenAsync] Getting Azure AD access token...
21:11:37.889820 ...uthentication.cs:137 trace: [GetTokenForUserAsync] OS broker is not available or enabled.
21:11:37.889820 ...uthentication.cs:143 trace: [GetTokenForUserAsync] MSA passthrough is enabled.
21:11:37.909983 ...uthentication.cs:495 trace: [CreatePublicClientApplicationAsync] Using console parent window ID '5968778' for MSAL authentication dialogs.
21:11:37.937167 ...uthentication.cs:569 trace: [RegisterTokenCacheAsync] Configuring MSAL token cache...
21:11:37.985008 ...uthentication.cs:624 trace: [RegisterTokenCacheAsync] Token cache configured.
21:11:37.987616 ...uthentication.cs:230 trace: [GetTokenForUserAsync] Performing interactive auth with embedded web view...
21:11:38.047499 ...pClientFactory.cs:60 trace: [CreateClient] Creating new HTTP client instance...
21:11:38.048507 ...pClientFactory.cs:80 trace: [CreateClient] Git's SSL/TLS backend is: Schannel
21:11:46.490527 ...sHostProvider.cs:245 trace: [GeneratePersonalAccessTokenAsync] Acquired Azure access token. Account='[email protected]' Token='********'
21:11:46.490527 ...sHostProvider.cs:254 trace: [GeneratePersonalAccessTokenAsync] Creating Azure DevOps PAT with scopes 'vso.code_write, vso.packaging'...
21:11:46.492066 ...DevOpsRestApi.cs:117 trace: [CreatePersonalAccessTokenAsync] Getting Azure DevOps Identity Service endpoint...
21:11:46.493068 ...DevOpsRestApi.cs:167 trace: [GetIdentityServiceUriAsync] HTTP: GET https://dev.azure.com/myorg/_apis/ServiceDefinitions/LocationService2/951917AC-A960-4999-8464-E3F0AA25B381?api-version=1.0
21:11:47.056533 ...DevOpsRestApi.cs:171 trace: [GetIdentityServiceUriAsync] HTTP: Response 200 [OK]
21:11:47.058635 ...DevOpsRestApi.cs:119 trace: [CreatePersonalAccessTokenAsync] Identity Service endpoint is 'https://spsprodweu2.vssps.visualstudio.com/mytenant/'.
21:11:47.058635 ...DevOpsRestApi.cs:123 trace: [CreatePersonalAccessTokenAsync] HTTP: POST https://spsprodweu2.vssps.visualstudio.com/mytenant/_apis/token/sessiontokens?api-version=1.0&tokentype=compact
21:11:48.360378 ...DevOpsRestApi.cs:128 trace: [CreatePersonalAccessTokenAsync] HTTP: Response 200 [OK]
21:11:48.363177 ...sHostProvider.cs:259 trace: [GeneratePersonalAccessTokenAsync] PAT created. PAT='********'
21:11:48.364177 ...sHostProvider.cs:109 trace: [GetCredentialAsync] Credential created.
21:11:48.364177 ...\GetCommand.cs:39 trace: [ExecuteInternalAsync] Writing credentials to output:
21:11:48.364177 ...\GetCommand.cs:40 trace: [ExecuteInternalAsync] protocol=https
21:11:48.364177 ...\GetCommand.cs:40 trace: [ExecuteInternalAsync] host=dev.azure.com
21:11:48.364177 ...\GetCommand.cs:40 trace: [ExecuteInternalAsync] path=myorg/myproj/_git/myrepo
21:11:48.364177 ...\GetCommand.cs:40 trace: [ExecuteInternalAsync] [email protected]
21:11:48.364177 ...\GetCommand.cs:40 trace: [ExecuteInternalAsync] password=********
21:11:48.364177 ...GitCommandBase.cs:53 trace: [ExecuteAsync] End 'get' command...
Do notice that gcm is calling the erase command when no user is specified. No clue why.
And do notice that gcm is continuously creating a fresh PAT when a user is specified. It should reuse the cache.
Do note that generating a PAT should not be required anymore because of Entra token integration. You can just request Entra for an Azure DevOps token and connect with Azure DevOps with it. With az cli the command is as follows:
az account get-access-token --resource 499b84ac-1321-427f-aa17-267ca6975798
@cveld So just to clarify, you are able to clone both repositories but your problem is that it is creating PAT instead of reusing cache? It is not an auth issue but rather feature request?
Well only with user works. When I try without user it fails. My ask is to understand how to enable auth without having to specify a user in the url.