Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-14598

Setting "require user tokens for repository authentication" prevents npm bearer tokens from working

    XMLWordPrintable

    Details

    • Story Points:
      3

      Description

      If you enable  "require user tokens for repository authentication" under "security/user tokens" in the UI then publishing npm packages using npm bearer tokens no longer works.

      Expected:  Npm bearer tokens should continue to work regardless of the user token required setting. Bearer tokens are just as secure as user tokens.

      Also note that you cannot execute "npm login" using a user token, npm won't allow it due to the charachters in the username. So that doesn't provide a workaround:

      $ npm login --registry=http://localhost:8081/repository/npmjs-internet/
      Username: iqHO/VxE
      npm WARN Name must be lowercase 
      Username: cMf2csEatr3M9Iq+yJxb5K8S3Y1+VhUXcSqvpKoafywC
      npm WARN Name must be lowercase 
      Username: iqHO/VxE
      npm WARN Name must be lowercase 
      Username: iaho/vxe
      npm WARN Name may not contain non-url-safe chars 

       

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              moncef Moncef Ben-Soula
              Reporter:
              rseddon Rich Seddon
              Last Updated By:
              Rich Seddon
              Team:
              Nexus - Formats
              Votes:
              2 Vote for this issue
              Watchers:
              8 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Date of First Response:

                  tigCommentSecurity.panel-title