This is what I tried:
curl http://git.ep.petrobras.com.br/api/v3/session --data-urlencode 'login=myUser&password=myPass'
Answer:
{"message":"401 Unauthorized"}
This is what I tried:
curl http://git.ep.petrobras.com.br/api/v3/session --data-urlencode 'login=myUser&password=myPass'
Answer:
{"message":"401 Unauthorized"}
The problem is the data-urlencode
CURL option. Since it's an HTTP POST you don't need to URL encode the data, and is actually encoding the &
into &
and causing your issue. Instead use the --data
option.
curl http://git.ep.petrobras.com.br/api/v3/session --data 'login=myUser&password=myPass'
Also, be careful sending credentials over plain HTTP. It could be easily sniffed.
This is how:
$ curl http://git.ep.petrobras.com.br/api/v3/session/ --data-urlencode 'login=myUser' --data-urlencode 'password=myPass'
The solution pointed out by Steven doesn't work if your username or password contains characters that have to be urleencoded. The name=content
format will urlencode the content
part (the name
part has to be urlencoded but login
and password
are fine).
To actually retrieve the private_token
you can pipe the output of curl into jq like this:
$ curl [as above] | jq --raw-output .private_token
x_the_private_token_value_x
This way you can easily use it in a shell script.
Also, as Steven pointed out already, please use https instead so that your password is not transmitted in clear text across the wire.
Note: this workflow no longer works as of GitLab 8.6.0 as the default password has been removed.
Changelog: https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG#L205
I only just noticed this and raised the issue. Leaving this note here to hopefully save someone else some time. Hopefully, this is a decision that will be reviewed and reverted.
Discussion/issue: https://gitlab.com/gitlab-org/gitlab-ce/issues/1980