Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-14598

Setting "require user tokens for repository authentication" prevents npm bearer tokens from working

    XMLWordPrintable

Details

    • 3

    Description

      If you enable  "require user tokens for repository authentication" under "security/user tokens" in the UI then publishing npm packages using npm bearer tokens no longer works.

      Expected:  Npm bearer tokens should continue to work regardless of the user token required setting. Bearer tokens are just as secure as user tokens.

      Also note that you cannot execute "npm login" using a user token, npm won't allow it due to the charachters in the username. So that doesn't provide a workaround:

      $ npm login --registry=http://localhost:8081/repository/npmjs-internet/
Username: iqHO/VxE
npm WARN Name must be lowercase 
Username: cMf2csEatr3M9Iq+yJxb5K8S3Y1+VhUXcSqvpKoafywC
npm WARN Name must be lowercase 
Username: iqHO/VxE
npm WARN Name must be lowercase 
Username: iaho/vxe
npm WARN Name may not contain non-url-safe chars

       

      Attachments

        Issue Links

          is related to

          Improvement - An improvement or enhancement to an existing feature or task. NEXUS-19920 option to generate lowercased user token names so that they can always be used with npm login

          • Medium - Medium
          • Closed

          Activity

            People

              moncef Moncef Ben-Soula
              rseddon Rich Seddon
              Rich Seddon Rich Seddon
              Nexus - Formats
              Votes:
              2 Vote for this issue
              Watchers:
              8 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                tigCommentSecurity.panel-title