Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-14598

Setting "require user tokens for repository authentication" prevents npm bearer tokens from working

    XMLWordPrintable

    Details

    • Story Points:
      3

      Description

      If you enable  "require user tokens for repository authentication" under "security/user tokens" in the UI then publishing npm packages using npm bearer tokens no longer works.

      Expected:  Npm bearer tokens should continue to work regardless of the user token required setting. Bearer tokens are just as secure as user tokens.

      Also note that you cannot execute "npm login" using a user token, npm won't allow it due to the charachters in the username. So that doesn't provide a workaround:

      $ npm login --registry=http://localhost:8081/repository/npmjs-internet/
Username: iqHO/VxE
npm WARN Name must be lowercase 
Username: cMf2csEatr3M9Iq+yJxb5K8S3Y1+VhUXcSqvpKoafywC
npm WARN Name must be lowercase 
Username: iqHO/VxE
npm WARN Name must be lowercase 
Username: iaho/vxe
npm WARN Name may not contain non-url-safe chars

       

        Attachments

          Issue Links

          is related to

          Improvement - An improvement or enhancement to an existing feature or task. NEXUS-19920 option to generate lowercased user token names so that they can always be used with npm login

          • Medium - Medium
          • Closed

            Activity

              People

              Assignee:
              moncef Moncef Ben-Soula
              Reporter:
              rseddon Rich Seddon
              Last Updated By:
              Rich Seddon
              Team:
              Nexus - Formats
              Votes:
              2 Vote for this issue
              Watchers:
              8 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Date of First Response:

                  tigCommentSecurity.panel-title