GitLab: personal impersonation token (PAT) does not work for my bot user

Question

I have created a special "bot" user for integration with Redmine. The idea is to add this user as "reporter" to some projects / groups as "reporter" to give Redmine access to them. It seems to me that this is more practical to use in GitLab web interface than a token created on a top-level group (but maybe I am wrong, we are still experimenting with GitLab). The bot's GitLab password would not be used anywhere, only PAT tokens would be used.

I go to admin/users/<user>/impersonation_tokens and create a new token with just the permission "read_repository".

However I cannot clone afterward:

git clone https://<user>:<token>@<project_url>.git 

gives:

remote: HTTP Basic: Access denied.
The provided password or token is incorrect or your account has 2FA enabled and you must use a personal access token instead of a password.
See https://gitlab.example.com/help/topics/git/troubleshooting_git#error-on-git-fetch-http-basic-access-denied
fatal: Authentication failed for 'https://<project_url>.git/'

I have checked that the user is indeed member of the project (directly or via a group). I have tried with different token permissions, expirations dates. I also tried to replace in the clone url with "oauth2", "pat", etc. (this login is currently not checked anyway).

Answer 1

I struggled until I tried to impersonate the user and saw the message:

You cannot impersonate a user with an expired password

The problem was that I had set the bot's user password with my admin account but I still had to login as the bot using the new password, and define a new password (possibly the same as the one previously set). After that the PAT worked.