Auth error when creating merge request - insufficient_scope

Checklist

  • I'm using the latest version of the extension (Run glab --version)
    • Extension version: 1.29.4
  • Operating system and version: Debian GNU/Linux 10 (buster) in docker image rocketmakers/ci-build-node-az:4.0.1
  • Gitlab.com or self-managed instance? gitlab.com
  • GitLab version (if self-managed) GitLab version here (Use the version endpoint, like this: gitlab.my-company.com/api/v4/version)
  • I have performed glab auth status to check for authentication issues

Summary

I'm trying to create a merge request from a CI pipeline using a project access token for auth.

The access token has the Maintainer role and the following scopes:

  • api
  • read_api
  • read_repository
  • write_repository

When I try to create a merge request I'm told the access token has insufficient scope but the scopes reported are on the access token.

Steps to reproduce

(I wanted to recreate this on my dev laptop but I can't seem to log out of glab to use the token rather than my oauth login)

glab auth login --token ${GIT_ACCESS_TOKEN}
glab mr create --source-branch ${FROM} --target-branch ${TO} --title "${FROM} to ${TO}" --description "${DESCRIPTION}" --yes

What is the current bug behavior?

These are the logs from the job:

glab auth login --token [MASKED]
glab auth status
gitlab.com
  ✓ Logged in to gitlab.com as group_REDACTED_bot_REDACTED (/root/.config/glab-cli/config.yml)
  ✓ Git operations for gitlab.com configured to use ssh protocol.
  ✓ API calls for gitlab.com are made over https protocol
  ✓ REST API Endpoint: https://gitlab.com/api/v4/
  ✓ GraphQL Endpoint: https://gitlab.com/api/graphql/
  ✓ Token: **************************
glab mr create --source-branch main --target-branch develop --title "main to develop" --description "This should only contain a new version number and changelog" --yes
Creating merge request for main into develop in REDACTED
Failed to create merge request. Created recovery file: /root/.config/glab-cli/recover/REDACTED/mr.json
Run the command again with the '--recover' option to retry
POST https://gitlab.com/api/v4/projects/REDACTED/merge_requests: 403 {error: insufficient_scope}, {error_description: The request requires higher privileges than provided by the access token.}, {scope: api read_api}

What is the expected correct behavior?

glab mr create should succeed based on the access token.

Relevant logs and/or screenshots

See above.

Possible fixes

🤷