<!--IssueSummary start--> <details> <summary> Everyone can contribute. [Help move this issue forward](https://handbook.gitlab.com/handbook/marketing/developer-relations/contributor-success/community-contributors-workflows/#contributor-links) while earning points, leveling up and collecting rewards. </summary> - [Close this issue](https://contributors.gitlab.com/manage-issue?action=close&projectId=278964&issueIid=594000) </details> <!--IssueSummary end--> ## Summary During Bitbucket Cloud → GitLab.com import, the LFS batch API intermittently returns `401 Unauthorized` when GitLab attempts to fetch the LFS download list. The same credentials and same objects succeed on retry, indicating a transient auth issue rather than a permissions misconfiguration. ## Root Cause (Suspected) The customer has SSO enabled on their Bitbucket Cloud workspace. The LFS batch API endpoint may handle SSO-enforced credentials differently from the standard Git/REST API, causing intermittent auth failures. This is similar to known GitHub import issues where SSO prevents access to certain resources. ## Evidence - Customer confirmed SSO is enabled for Bitbucket Cloud - PAT contained only `-`, `_`, `=` characters (no special character encoding issue) - Same credentials, same objects: sometimes succeed, sometimes fail with `Unauthorized` - Test results from customer: - 1 file (220MB) → **Success** - 2 files (220MB + 1000MB) → **Failure** - 1 file (1000MB) → **Success** - `git clone` + `git lfs fetch` from Bitbucket with the same credentials works fine locally - It's all-or-nothing: either all LFS objects import or none do ## Exception Details ``` exception.class: Projects::LfsPointers::LfsObjectDownloadListService::LfsObjectDownloadListError exception.cause_class: Projects::LfsPointers::LfsDownloadLinkListService::DownloadLinksError exception.message: The LFS objects download list couldn't be imported. Error: Unauthorized ``` Backtrace: ``` app/services/projects/lfs_pointers/lfs_object_download_list_service.rb:26 lib/gitlab/bitbucket_import/importers/lfs_objects_importer.rb:40 app/workers/gitlab/bitbucket_import/stage/import_lfs_objects_worker.rb:13 ``` ## Expected Behaviour LFS objects should be reliably imported when valid credentials with correct scopes are provided, regardless of SSO configuration on the Bitbucket side. ## Workaround Retry the import, or after import run `git lfs push --all <gitlab-remote>` over HTTPS. ## References - RFH: https://gitlab.com/gitlab-com/request-for-help/-/work_items/4290 - Logs: https://log.gprd.gitlab.net/app/r/s/4401S