- We currently support fetching code with username = 'oauth2' and
  password = <access_token>.
- Trying to _push_ code with the same credentials fails with an authentication
  error.
- There's no reason this shouldn't be enabled, especially since we allow the
  OAuth client to create deploy keys with push access:

  https://docs.gitlab.com/ce/api/deploy_keys.html#add-deploy-key