Details
-
Bug
-
Resolution: Fixed
-
Major
-
3.4.0, 3.6.0
-
3
Description
If you enable "require user tokens for repository authentication" under "security/user tokens" in the UI then publishing npm packages using npm bearer tokens no longer works.
Expected: Npm bearer tokens should continue to work regardless of the user token required setting. Bearer tokens are just as secure as user tokens.
Also note that you cannot execute "npm login" using a user token, npm won't allow it due to the charachters in the username. So that doesn't provide a workaround:
$ npm login --registry=http://localhost:8081/repository/npmjs-internet/ Username: iqHO/VxE npm WARN Name must be lowercase Username: cMf2csEatr3M9Iq+yJxb5K8S3Y1+VhUXcSqvpKoafywC npm WARN Name must be lowercase Username: iqHO/VxE npm WARN Name must be lowercase Username: iaho/vxe npm WARN Name may not contain non-url-safe chars
Attachments
Issue Links
- is related to
-
NEXUS-19920 option to generate lowercased user token names so that they can always be used with npm login
-
- Closed
-