Gitlab authentication with release


I upgraded a Sonarqube instance to the last available release in Github repo ( and can’t log in with Gitlab OAuth any more

Here are informations about my setup :

  • SonarQube version (upgraded from
  • installed from zip file (Debian Bullseye, OpenJDK 17.0.10+7-Debian-1deb11u1)

When trying to login with the “Log in with GitLab” button, I get the following message : You're not authorized to access this page. Please contact the administrator. and this in the web.log file :

2024.04.15 09:45:57 WARN  web[bc3bd178-06cb-417d-87c5-6250660c0ebf][o.s.s.a.AuthenticationError] Fail to callback authentication with 'gitlab'
java.lang.IllegalStateException: Fail to execute request 'https://GITLAB_URL/api/v4/groups?min_access_level=10&per_page=100'. HTTP code: 403, response: {"error":"insufficient_scope","error_description":"The request requires higher privileges than provided by the access token.","scope":"api read_api"}

I replaced my gitlab URL with GITLAB_URL, the URL is correct. The Sonarqube application in Gitlab configuration has scopes api and read_user and “trusted” and “confidential” checked. The setup worked well before upgrade. Any idea on how to fix that ? Thanks

Hey @maudin

Looks like we’ve got a bug (before the release has even been officially announced!): SONAR-22088

We’re currently evaluating our options, like a bugfix release. I don’t think there’s a workaround in the meantime (except downgrading), but I’ll let our team update you if that changes.

Do you have an ETA for a bugfix release? We’ve run into the same issue. (A “known issues” list in the upgrade notes would be appreciated in such a case!!)

If enable Synchronize user groups then permit login but not save permition modification

1 Like

Running into the same problem. We would be happy about a short-term fix.

Hey all.

I am pretty sure we will do a bugfix release, and I would anticipate that arriving no earlier than next week.

I dream of this. I’m not sure we’ve revisited this topic since our docs site became much easier to deploy changes to. I’ll ping on this internally.

We decided to restore a backup and roll back to the old Sonarqube version.

We also decided to roll back this buggy release. With Sonarqube, to be able to easily fall back is definitely a must.

Any news when the updated version containing a fix for this might be available? If its not this week we might also consider a roll back for this.

Hi All,

A fix of SonarQube 10.5 is implemented and the patch release is on its way. It should be published next week.

Thank you for your patience.



Is this version released ?

Hi All,

SonarQube 10.5.1 is now officially released.

This patch release contains the fix for the GitLab authentication without group sync.

Thanks again for your patience!

1 Like


I just tested the fix on the falty instance, everything seems ok, and upgraded the other ones I held to Thanks a lot!

1 Like

Thanks @maudin for the rapid try and feedback :slight_smile: !

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.