Bookmark sync on Gitlab using new fine-grained personnal access token

[noraj]

Which version of floccus are you using?

5.9.1

How many bookmarks do you have, roughly?

xbel has 2k lines

Are you using other means to sync bookmarks in parallel to floccus?

No

Sync method

Git

Which browser are you using? In case you are using the phone App, specify the Android or iOS version and device please.

Firefox 149.0.2

Which version of Nextcloud Bookmarks are you using? (if relevant)

No response

Which version of Nextcloud? (if relevant)

No response

What kind of WebDAV server are you using? (if relevant)

No response

Describe the Bug

When having 2FA enabled on a GitLab account, one must use a PAT (personal access token) instead of password.

Before with the legacy permission token, the permissions where very broad, generating a token with write_repository and read_repository was enough. (old issue #1609)

However, my token expired, now I have to generate a new one but now Gitlab is promoting the new fine-grained access tokens to replace the legacy ones. I tried to generate one with the permissions:

• Repository:
  • Commit: Create, Read, Update

But I had 403 error while trying to sync Floccus. So I generated a new one with those:

• Repository
  • Repository: Read
  • Commit: Create, Read, Update
  • Protected Branch: Read, Update
  • Code: Push, Read, Download

Everything looks like it works, no error except that nothing is pushed to the git repository, no new commit. I want to know if you have some documentation to explain what Gitlab permissions are needed for Floccus to work. It looks non trivial to identify the required ones.

Expected Behavior

Floccus successfully push a commit with the changed bookmarks to the Gitlab repository.

To Reproduce

Setup a Gitlab git repository, push the first commit manually and generate a new fine-grained PAT, try the permissions listed above.

Debug log provided

• I have provided a debug log file

[github-actions]

Hello! 👋

Thank you for taking the time to open this issue with floccus. I know it's frustrating when software causes problems. You have made the right choice to come here and open an issue to make sure your problem gets looked at and if possible solved. Let me give you a short introduction on what to expect from this issue tracker to avoid misunderstandings. I'm Marcel. I created floccus a few years ago, and have been maintaining it since. I currently work for Nextcloud which leaves me with less time for side projects like this one than I used to have. I still try to answer all issues and if possible fix all bugs here, but it sometimes takes a while until I get to it. Until then, please be patient. It helps when you stick around to answer follow up questions I may have, as very few bugs can be fixed directly from the first bug report, without any interaction. If information is missing in your bug report and the issue cannot be solved without it, I will have to close the issue after a while. Note also that GitHub in general is a place where people meet to make software better together. Nobody here is under any obligation to help you, solve your problems or deliver on any expectations or demands you may have, but if enough people come together we can collaborate to make this software better. For everyone. Thus, if you can, you could also have a look at other issues to see whether you can help other people with your knowledge and experience. If you have coding experience it would also be awesome if you could step up to dive into the code and try to fix the odd bug yourself. Everyone will be thankful for extra helping hands! If you cannot lend a helping hand, to continue the development and maintenance of this project in a sustainable way, I ask that you donate to the project when opening an issue (or at least once your issue is solved), if you're not a donor already. You can find donation options at https://floccus.org/donate/. Thank you!

One last word: If you feel, at any point, like you need to vent, this is not the place for it; you can go to the Nextcloud forum, to twitter or somewhere else. But this is a technical issue tracker, so please make sure to focus on the tech and keep your opinions to yourself.

Thank you for reading through this primer. I look forward to working with you on this issue! Cheers! 💙

[noraj]

Update: As a fallback I tried to create a legacy token with the same permissions that were working before, and I still have the same behavior. So it may not be related to fine-grained vs legacy token. The last time I had a successful push (commit) is one month ago (21/02/2026, btw I use manual sync).