<!--IssueSummary start--> <details> <summary> Everyone can contribute. [Help move this issue forward](https://handbook.gitlab.com/handbook/marketing/developer-relations/contributor-success/community-contributors-workflows/#contributor-links) while earning points, leveling up and collecting rewards. </summary> - [Close this issue](https://contributors.gitlab.com/manage-issue?action=close&projectId=278964&issueIid=573142) </details> <!--IssueSummary end--> ### Checklist - [x] I'm using the latest version of the extension (Run `glab --version`) - Extension version: glab 1.72.0 (cli@294f0726782123e38b76aa10a90f246c6a641cef) - [x] Operating system and version: macOs 15.6 (24G84) - [x] Gitlab.com or self-managed instance? gtilab.com - [x] GitLab version (if self-managed) N/A - [x] I have performed `glab auth status` to check for authentication issues - [x] Run the command in debug mode (like `DEBUG=true glab mr list`) and attach any useful output ### Summary Trying to create a PAT using `glab token create --user @me` results in the following error regardless of provided scopes: ``` ERROR: POST https://gitlab.com/api/v4/user/personal_access_tokens: 400 {error: scopes does not have a valid value} ``` ### Environment - OS: Darwin 24.6.0 arm64 - SHELL: /opt/homebrew/bin/zsh - TERM: xterm-256color - GLAB: glab 1.72.0 (cli@294f0726782123e38b76aa10a90f246c6a641cef)% ### Steps to reproduce - ensure glab logged in - `glab auth login` (used WEB and HTTPS for this) - run the following, with or without explicitly defined scopes: ``` glab token create --user @me --scope api,write_repository my-personal-token-3 ``` ### What is the current _bug_ behavior? Every permutation of supplied scopes results in: ``` ERROR: POST https://gitlab.com/api/v4/user/personal_access_tokens: 400 {error: scopes does not have a valid value} ``` ### What is the expected _correct_ behavior? A PAT is created for the current user. ### Relevant logs and/or screenshots ``` zsh ❯ pwd /Users/c.mayne ~ zsh ❯ export GLAB_DEBUG_HTTP=true ~ zsh ❯ glab token create --user @me --scope api,write_repository my-personal-token-3 REQUEST: GET /api/v4/user HTTP/1.1 Host: gitlab.com User-Agent: glab/v1.72.0 (darwin, arm64) Accept: application/json Authorization: [REDACTED] Accept-Encoding: gzip RESPONSE: HTTP/2.0 200 OK Cache-Control: max-age=0, private, must-revalidate Cf-Cache-Status: MISS Cf-Ray: 98453a41dfa4911c-LHR Content-Security-Policy: default-src 'none' Content-Type: application/json Date: Wed, 24 Sep 2025 21:03:16 GMT Etag: W/"ab6b7a0b481caa7fd8ef456c0ba2bfef" Gitlab-Lb: haproxy-main-33-lb-gprd Gitlab-Sv: api-gke-us-east1-d Nel: {"max_age": 0} Referrer-Policy: strict-origin-when-cross-origin Server: cloudflare Set-Cookie: [REDACTED] Strict-Transport-Security: max-age=31536000 Vary: Origin, Accept-Encoding X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-Gitlab-Meta: {"correlation_id":"bfc041cebeb4e386c0935d977025980e","version":"1"} X-Request-Id: bfc041cebeb4e386c0935d977025980e X-Runtime: 0.059507 {"id":23535502,"username":"c.mayne",... REQUEST: GET /api/v4/personal_access_tokens?per_page=100&user_id=23535502 HTTP/1.1 Host: gitlab.com User-Agent: glab/v1.72.0 (darwin, arm64) Accept: application/json Authorization: [REDACTED] Accept-Encoding: gzip RESPONSE: HTTP/2.0 200 OK Cache-Control: max-age=0, private, must-revalidate Cf-Cache-Status: MISS Cf-Ray: 98453a439b4b911c-LHR Content-Security-Policy: default-src 'none' Content-Type: application/json Date: Wed, 24 Sep 2025 21:03:17 GMT Etag: W/"954f71ba8f08e74795ac381f82bcc74e" Gitlab-Lb: haproxy-main-05-lb-gprd Gitlab-Sv: api-gke-us-east1-c Link: <https://gitlab.com/api/v4/personal_access_tokens?page=1&per_page=100&user_id=23535502>; rel="first", <https://gitlab.com/api/v4/personal_access_tokens?page=1&per_page=100&user_id=23535502>; rel="last" Nel: {"max_age": 0} Referrer-Policy: strict-origin-when-cross-origin Server: cloudflare Set-Cookie: [REDACTED] Strict-Transport-Security: max-age=31536000 Vary: Origin, Accept-Encoding X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-Gitlab-Meta: {"correlation_id":"a5c86d30fa31cad664b7f402ae70abaa","version":"1"} X-Next-Page: X-Page: 1 X-Per-Page: 100 X-Prev-Page: X-Request-Id: a5c86d30fa31cad664b7f402ae70abaa X-Runtime: 0.201444 X-Total: 7 X-Total-Pages: 1 [{"id":12211295,"name":"... REQUEST: POST /api/v4/user/personal_access_tokens HTTP/1.1 Host: gitlab.com User-Agent: glab/v1.72.0 (darwin, arm64) Content-Length: 92 Accept: application/json Authorization: [REDACTED] Content-Type: application/json Accept-Encoding: gzip {"name":"my-personal-token-3","scopes":["api","write_repository"],"expires_at":"2025-10-24"} RESPONSE: HTTP/2.0 400 Bad Request Content-Length: 46 Cache-Control: no-cache Cf-Cache-Status: DYNAMIC Cf-Ray: 98453a467b12911c-LHR Content-Security-Policy: default-src 'none' Content-Type: application/json Date: Wed, 24 Sep 2025 21:03:17 GMT Gitlab-Lb: haproxy-main-17-lb-gprd Gitlab-Sv: api-gke-us-east1-c Nel: {"max_age": 0} Referrer-Policy: strict-origin-when-cross-origin Server: cloudflare Set-Cookie: [REDACTED] Strict-Transport-Security: max-age=31536000 Vary: Origin, Accept-Encoding X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-Gitlab-Meta: {"correlation_id":"83227dc8f3782c0ff3e74982e813c514","version":"1"} X-Request-Id: 83227dc8f3782c0ff3e74982e813c514 X-Runtime: 0.045027 {"error":"scopes does not have a valid value"} ERROR: POST https://gitlab.com/api/v4/user/personal_access_tokens: 400 {error: scopes does not have a valid value} ``` ### Possible fixes No idea - appears to be a server side validation or non-obvious, state-based validation issue