Based on the 401 (Unauthorized) error in the Checkout step, this appears to be an authentication or permission issue rather than a buildpack-related problem. The pipeline is unable to retrieve repository information, which typically indicates that the Personal Access Token (PAT) does not have the required permissions.
I would recommend first reviewing the scopes assigned to your PAT. According to the log message, the token must include the appropriate Model Repository scopes. Please ensure that mx:modelrepository:repo:read and mx:modelrepository:repo:write are selected. In some cases, mx:modelrepository:write may also be required. When generating the PAT, make sure you explicitly enable the Model Repository → repo:read and repo:write scopes, and not only the general write scope. These permissions are necessary for the pipeline to access the Team Server Git repository.
Additionally, instead of only updating the existing token value, I suggest removing and reconfiguring the credentials entirely in the Pipelines settings. Go to Pipelines → Settings → User settings, delete your current user entry, and then add it again using the newly generated PAT and API key. This ensures that the pipeline does not continue using any previously cached or outdated credentials.
In most cases, verifying the correct scopes and fully re-adding the credentials resolves this type of 401 error during the Checkout phase.
If this resolves the issue, please close the topic.
f all three scopes are already selected, the issue is likely not the scopes themselves but how the token is being used in the pipeline.
One thing that often happens is that editing an existing PAT does not refresh correctly in Pipelines. Even if the scopes look correct in the Developer Portal, the pipeline may still be using the old cached token. In that case the best approach is to create a completely new PAT with the same scopes and update it in the pipeline settings.
Also double check that the PAT belongs to a user who has access to the project repository. The user should have at least Developer or Maintainer rights in the app. If the token belongs to a user without repository access, the checkout step will still return a 401.
So the recommended steps are to recreate the PAT, ensure the scopes are selected, update the token again in Pipelines → Settings → User Settings, and then trigger the pipeline again so it refreshes the credentials.
Hi Peiter,
Can you please check if you have access to your app?.
Hi,
From the error in your screenshot the pipeline is failing during checkout with a 401 and the message:
PAT must include the following scopes: mx:modelrepository:repo:write, mx:modelrepository:repo:read, and/or mx:modelrepository:write
Looking at your PAT scopes screenshot, the issue is that the Model Repository scopes required for Git access are not all included in the token used by the pipeline, even though the token itself is registered.
For pipelines that perform a repository checkout, the PAT must include at least these scopes:
mx:modelrepository:repo:readmx:modelrepository:repo:write (recommended)mx:modelrepository:write (for some operations)If any of these are missing, the pipeline cannot request the temporary repository access URL and the checkout step fails with the 401 you are seeing.
The easiest fix is:
mx:modelrepository:repo:readmx:modelrepository:repo:writemx:modelrepository:writeAfter updating the token, trigger the pipeline again so it refreshes the credentials.
One more thing to double-check: the PAT must belong to a user who has access to the project repository (Developer/Maintainer in the app). If the user does not have repo access, the token will also return a 401.
In practice this error almost always comes down to missing repo:read scope or using an old PAT cached in pipeline settings, so recreating the token with the correct scopes usually resolves it.