If your application token is valid but git push still fails to authenticate, the most common reason is that your local Git client is using a different, outdated credential stored in your system’s credential manager rather than the new token.
1. Check for Cached Credentials
Your operating system often “remembers” old passwords or tokens and provides them to Git automatically, leading to a silent failure.
- Windows: Open the Credential Manager from the Control Panel. Under Windows Credentials, look for entries starting with
git:or your hosting provider (e.g.,git:https://github.com). Remove or Edit these entries to replace the old password with your valid token. - macOS: Open Keychain Access. Search for your hosting provider (e.g., “github.com”) and delete the relevant “Internet Password” entries to force Git to ask for your credentials again.
2. Verify Token Scopes
A token can be “valid” in terms of expiration but still fail because it lacks the necessary permissions (scopes) to perform a push.
- For GitHub, ensure the
reposcope is selected. - If you are pushing to a repository with GitHub Actions, the
workflowscope may also be required.
3. Clear Git’s Internal Cache
Sometimes Git’s own helper holds onto a bad session. You can clear this by running:
git credential-cache exitTo temporarily bypass any stored credentials and force a prompt, you can unset the helper:
git config --global --unset credential.helper(Note: You may want to re-enable it later to avoid entering your token for every command.)
4. Inspect the Remote URL
If you have multiple accounts, Git might be trying to push to a URL that doesn’t “know” to use your token. You can explicitly include your username and token in the remote URL to test:
git remote set-url origin https://<USERNAME>:<TOKEN>@://github.comThis bypasses the credential manager entirely for that specific repository.
5. Check for 2-Factor Authentication (2FA)
If 2FA is enabled on your account, standard account passwords will not work for command-line operations; you must use a Personal Access Token (PAT) as your password
The reason git push is prompting for credentials is that your .git-credentials file is owned by root and has restricted permissions (rw-------), meaning your current user cannot read it. Even though the details inside are valid, Git (running as your user) is being denied access to the file and thus acts as if no credentials exist. [1, 2]
To fix this, you need to change the file’s ownership to your current user or ensure your user has read access.
1. Fix File Ownership
Run the following command to make your current user the owner of the file (replace youruser with your actual username):
sudo chown youruser:youruser ~/.git-credentials2. Verify Credential Helper Configuration
Git only looks at that file if the store helper is active. Ensure your configuration points to it correctly: [1]
- Check current setting:
git config --global credential.helper - Set it if missing:
git config --global credential.helper store[1, 2]
3. Confirm File Path
By default, the store helper looks for ~/.git-credentials. If your file is in a different location, you must specify it:
git config --global credential.helper 'store --file ~/.git-credentials'4. Test Authentication
Once ownership is fixed, try to push again. If it prompts one last time, enter your username and token; it should then save them to the file with the correct permissions for your user.
Note on Security: Storing credentials in .git-credentials saves them in plain text. If your system supports it, using a more secure helper like osxkeychain (macOS), wincred (Windows), or libsecret (Linux) is recommended.
The location of your global Git configuration depends on your operating system, as it is tied to the current user’s home directory.
Standard Locations
- Linux / macOS:
~/.gitconfigor~/.config/git/config. - Windows:
C:\Users\<YourUsername>\.gitconfig.
How to Find Your Specific File
Since you have already seen discrepancies between your “login user” and “effective user,” the most reliable way to find exactly which file Git is reading is to run:
git config --global --list --show-originThis command will list every setting along with the full file path where that specific setting is stored.