Auth issues with glab opentofu

Checklist

  • I'm using the latest version of the extension (Run glab --version)
    • Extension version: glab 1.79.0 (19f58080)
  • Operating system and version: MacOS 15.5 (24F74)
  • Gitlab.com or self-managed instance? gitlab.com
  • I have performed glab auth status to check for authentication issues
  • Run the command in debug mode (like DEBUG=true glab mr list) and attach any useful output

Summary

When using the opentofu init command, it looks like the credentials expire too quickly, for example, tofu apply will returns after about an hour:

│ Error: Error acquiring the state lock

│ Error message: HTTP remote state endpoint requires auth

│ OpenTofu acquires a state lock to protect the state from being written
│ by multiple users at the same time. Please resolve the issue above and try
│ again. For most commands, you can disable locking with the "-lock=false"
│ flag, but this is not recommended.

Then, the init command has to be re-run (glab opentofu init -R 'repo/project-name' 'project-name', but it fails with the following:

Initializing the backend...

│ Error: Backend configuration changed

│ A change in the backend configuration has been detected, which may require migrating existing state.

│ If you wish to attempt automatic migration of the state, use "tofu init -migrate-state".
│ If you wish to store the current configuration with no changes to the state, use "tofu init -reconfigure".



   ERROR

  Exit status 1.

Which requires to run this command: glab opentofu init -R 'repo/project-name' 'project-name' -- -reconfigure

Environment

  • OS: Darwin 24.5.0 arm64
  • SHELL: /bin/zsh
  • TERM: xterm-256color
  • GLAB: glab 1.79.0 (19f58080)%

Other:

Steps to reproduce

Initialize the terraform backend: glab opentofu init -R 'repo/project-name' 'project-name'

Wait an hour, then run a tofu command (e.g. tofu plan)

What is the current bug behavior?

  1. Authentication is short lived
  2. There is no obvious re-authentication command
  3. Re-running init requires -reconfigure flag

What is the expected correct behavior?

The authentication should persist at least as long as the glab authentication (glab auth status)

Relevant logs and/or screenshots

gitlab.com ✓ Logged in to gitlab.com as maxjbo (/Users/username/Library/Application Support/glab-cli/config.yml) ✓ Git operations for gitlab.com configured to use ssh protocol. ✓ API calls for gitlab.com are made over https protocol. ✓ REST API Endpoint: https://gitlab.com/api/v4/ ✓ GraphQL Endpoint: https://gitlab.com/api/graphql/ ✓ Token found: **************************

Possible fixes

Not sure, open to ideas, but the current behavior is annoying, as it stands using PAT offers a better experience than the "recommend" approach.