libgit2sharp: 'Too many redirects or authentication replays' on clone from TFS

After updating to Team Foundation Server (TFS) 2018 & 2017 Update 3, we are not able to log in to the Git repository with the LibGit2Sharp library using an access token. Please check the code below:

    string accessToken = "eyJ0eXAiOiJKV1QiLCJ...";
    NetworkCredential gitCredentials = new NetworkCredential(string.Empty, accessToken);
    string localRepoPath = string.Empty;
    string gitTfsRepo = "http://mjtfs2017:8080/tfs/DefaultCollection/_git/GITTest001";

    try
    {
        localRepoPath = Repository.Clone(gitTfsRepo, @"D:\temp\GIT",
            new CloneOptions()
            {
                CredentialsProvider = GetCredentialsHandler(gitCredentials),
                IsBare = false
            });

    }
    catch (Exception err)
    {
        Console.WriteLine(err);
    }

    Console.WriteLine(localRepoPath);

I communicated with the Microsoft TFS/VSTS team; they gave the following response:

The fact that you received those responses from the code snip I provided means that your extension is correctly configured (regarding scopes at least) and TFS is correctly accepting the extension’s access token to perform git operations through HTTP, when the git client sends it.

Additionally, if I use the next command, using git for Windows, I’m able to fully interact with a TFS repo with that access token:

    git -c http.extraheader="Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJ…" clone http://at1-tfs-test1-angallo.westus2.cloudapp.azure.com:8080/tfs/DefaultCollection/_git/test_project_1

But that same command doesn’t work for git for Linux, probably because my git client on my Linux machine doesn’t send or correctly consider these HTTP headers (just as LibGit2Sharp seems to not do too (from your latest Fiddler trace I still see the Authentication header missing)). So I still believe the problem here comes from the git client, not TFS or the access token.

Please suggest, thanks in advance.

LibGit2Sharp version: 0.26.0-preview-0027

About this issue

  • State: open
  • Created 6 years ago
  • Comments: 27 (3 by maintainers)

Most upvoted comments

Hi guys! This response might be surprising, but: We could actually fix this! In my case, our PAT (=Personal access token) was expired! I just had to create a new token and cloning worked, again! Wanted to share this as I was also searching for solutions for quite some time! The error message is just a bit misleading…

@Sherry112, @PatrickGrub 😃
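
The access token in the original post begins with `eyJ0eXAi`, the base64 of a JWT header, and the comment above traces the same misleading error to an expired PAT. As an added example (not code from the thread or from LibGit2Sharp), this C# pre-flight check reads a JWT's `exp` claim before cloning; the class and method names are hypothetical, and it assumes the payload carries a numeric `exp`. It only reads the claim and does not verify the signature, which remains the server's job.

```csharp
using System;
using System.Text.Json;
// Hypothetical helper (names are not from LibGit2Sharp or the thread).
static class TokenPreflight
{
    // JWT segments are base64url: '-' and '_' alphabet, '=' padding stripped.
    static byte[] Base64UrlDecode(string segment)
    {
        string s = segment.Replace('-', '+').Replace('_', '/');
        switch (s.Length % 4)
        {
            case 1: throw new FormatException("Invalid base64url length.");
            case 2: s += "=="; break;
            case 3: s += "="; break;
        }
        return Convert.FromBase64String(s);
    }

    // Returns the "exp" claim as a timestamp, or null when the token is not a
    // three-part JWT or has no numeric "exp" (an opaque PAT, for example).
    public static DateTimeOffset? GetJwtExpiry(string token)
    {
        string[] parts = token.Split('.');
        if (parts.Length != 3) return null;
        try
        {
            using JsonDocument doc = JsonDocument.Parse(Base64UrlDecode(parts[1]));
            JsonElement root = doc.RootElement;
            if (root.ValueKind == JsonValueKind.Object &&
                root.TryGetProperty("exp", out JsonElement exp) &&
                exp.ValueKind == JsonValueKind.Number &&
                exp.TryGetInt64(out long seconds))
                return DateTimeOffset.FromUnixTimeSeconds(seconds);
        }
        catch (Exception e) when (e is FormatException || e is JsonException
                                  || e is ArgumentOutOfRangeException) { }
        return null;
    }

    // Fails early with a clear message (without echoing the token) instead of
    // "too many redirects or authentication replays" from the clone.
    public static void EnsureNotExpired(string token, TimeSpan skew)
    {
        DateTimeOffset? expiry = GetJwtExpiry(token);
        if (expiry.HasValue && expiry.Value <= DateTimeOffset.UtcNow + skew)
            throw new InvalidOperationException(
                $"Access token expired or expires within {skew}: exp = {expiry.Value:u}");
    }
}
```

Call `TokenPreflight.EnsureNotExpired(accessToken, TimeSpan.FromMinutes(1))` before `Repository.Clone`; for an opaque PAT the check is a no-op and expiry has to be confirmed on the server side.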

Ran into similar issues when trying to clone from an on-premise Azure DevOps Server 2020 into a Docker container.

We were able to get it working by doing the following while having Basic Authentication disabled.

    var token = "myPatToken";
    // Basic credentials with an empty user name: ":" + PAT, base64-encoded
    var byteArray = Encoding.ASCII.GetBytes(":" + token);
    var encodedToken = Convert.ToBase64String(byteArray);

    var options = new CloneOptions
    {
        FetchOptions = new FetchOptions
        {
            CustomHeaders = new[]
            {
                $"Authorization: Basic {encodedToken}"
            }
        }
    };

    return Repository.Clone("https://...", ".", options);

@MustafaJamal I was digging into this issue all morning and this is a simple workaround I found with TFS 2018 Update 2:

    LibGit2Sharp.Repository.Clone($"https://usercouldbeanything:{personalaccesstoken}@yourtfsserver/tfs/CollectionName/ProjectName/_git/GitRepoName", "GitRepoName");

If I use the basic auth UsernamePasswordCredentials with the same parameters:

    LibGit2Sharp.Repository.Clone("https://yourtfsserver/tfs/CollectionName/ProjectName/_git/GitRepoName", "GitRepoName", new CloneOptions()
    {
        CredentialsProvider = (_url, _user, _cred) =>
        {
            return new UsernamePasswordCredentials { Username = "usercouldbeanything", Password = personalaccesstoken };
        }
    });

I’m getting this exception:

    LibGit2Sharp.LibGit2SharpException: 'too many redirects or authentication replays'

@ethomson can it be a bug with the library?

Ran into similar issues when trying to clone from an on-premise Azure DevOps Server 2020 into a Docker container.

We were able to get it working by doing the following while having Basic Authentication disabled.

    var token = "myPatToken";
    // Basic credentials with an empty user name: ":" + PAT, base64-encoded
    var byteArray = Encoding.ASCII.GetBytes(":" + token);
    var encodedToken = Convert.ToBase64String(byteArray);

    var options = new CloneOptions
    {
        FetchOptions = new FetchOptions
        {
            CustomHeaders = new[]
            {
                $"Authorization: Basic {encodedToken}"
            }
        }
    };

    return Repository.Clone("https://...", ".", options);

Do you think we could use a similar approach with Repository.Network.Push()? (i.e. with custom headers)

We use UsernamePasswordCredentials and have been getting the same error message recently. The same code, cloning with UsernamePasswordCredentials, worked for months before and now does not anymore.

Any hints? Did something change in the API?

@MustafaJamal, thanks, it is very helpful…