Support Personal Access Token (PAT) authentication for MCP Server

Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.

• Close this issue

Summary

Add Personal Access Token (PAT) authentication support to GitLab's MCP server alongside the existing OAuth flow.

Problem

OAuth-only authentication blocks legitimate use cases:

1. Machine-to-machine scenarios: CI/CD pipelines, automation, headless environments, containerized deployments
2. Enterprise requirements: Corporate AI gateways, token lifecycle policies, simplified audit trails (customer feedback)
3. Architectural inconsistency: MCP calls GitLab API endpoints that already support PATs - no security reason to restrict this

Proposed Solution

Support both authentication methods:

• OAuth: Interactive user flows, IDE integrations (existing)
• PAT: Automation, M2M, simplified setups (new)

# Proposed usage
npx mcp-remote https://gitlab.com/api/v4/mcp --token glpat-xxxxxxxxxxxxxxxxxxxx

Benefits

• Removes adoption barriers for enterprise customers and automation use cases
• Reduces support burden from OAuth authentication issues
• Aligns with GitLab API patterns - PATs already work for underlying API calls
• Low implementation risk - uses existing, proven PAT infrastructure