Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-14598

Setting "require user tokens for repository authentication" prevents npm bearer tokens from working

Details

    • 3

    Description

      If you enable  "require user tokens for repository authentication" under "security/user tokens" in the UI then publishing npm packages using npm bearer tokens no longer works.

      Expected:  Npm bearer tokens should continue to work regardless of the user token required setting. Bearer tokens are just as secure as user tokens.

      Also note that you cannot execute "npm login" using a user token, npm won't allow it due to the charachters in the username. So that doesn't provide a workaround:

      $ npm login --registry=http://localhost:8081/repository/npmjs-internet/
      Username: iqHO/VxE
      npm WARN Name must be lowercase 
      Username: cMf2csEatr3M9Iq+yJxb5K8S3Y1+VhUXcSqvpKoafywC
      npm WARN Name must be lowercase 
      Username: iqHO/VxE
      npm WARN Name must be lowercase 
      Username: iaho/vxe
      npm WARN Name may not contain non-url-safe chars 

       

      Attachments

        Issue Links

          Activity

            People

              moncef Moncef Ben-Soula
              rseddon Rich Seddon
              Rich Seddon Rich Seddon
              Nexus - Formats
              Votes:
              2 Vote for this issue
              Watchers:
              8 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                tigCommentSecurity.panel-title