Artifactory UI download OK, npm install fail with auth error - npm-install

How do we get scoped repo using artifactory?
setup npm.fontawesome.com remote repo in artifactory according to the doc
used username TOKEN and password - the actual token
auth check in UI OK
listing of #fortawesome/angular-fontawesome visible in UI
download of artifact via uI OK
npm rc defines scoped repo
#fortawesome:registry=https://artifactory/artifactory/api/npm/npm-fontawesome.com-remote/
Anonymous access granted to 3rdparty repo for users in my env - build machines included
npm -i fails with auth where the system looks to be going directly do npm.fontawesome.com and not my artifactory repo
2999 verbose stack HttpErrorAuthUnknown: Unable to authenticate, need: Basic realm="https://npm.fontawesome.com/",service="npm.fontawesome.com"
2999 verbose stack at /usr/local/lib/node_modules/npm/node_modules/npm-registry-fetch/lib/check-response.js:80:17
2999 verbose stack at process.processTicksAndRejections (node:internal/process/task_queues:95:5)

Alas, use of token auth for npm repos is not yet supported by jfrog artifactory (see RTFACT-19164)

Related

Yarn can't authenticate with Github Packages - but npm can

What do I need to do to configure yarn to authenticate with Github Packages?
I've got a hello-world npm package that I'm trying to publish privately to github. I want to be able to use yarn instead of npm, but for some reason yarn can't authenticate with the Github Package service:
error Couldn't publish package: "https://npm.pkg.github.com/#myuser/test-models: Your request could not be authenticated by the GitHub Packages service. Please ensure your access token is valid and has the appropriate scopes configured."
NPM doesn't have any trouble publishing though, so I'm assuming it's some difference in the way yarn processes the config info.
Verbose yarn publish:
$ yarn publish --verbose
yarn publish v1.10.1
verbose 0.257170891 Checking for configuration file "/Users/myuser/sites/test-models/.npmrc".
verbose 0.257665932 Found configuration file "/Users/myuser/sites/test-models/.npmrc".
verbose 0.258189892 Checking for configuration file "/Users/myuser/.npmrc".
verbose 0.258433341 Found configuration file "/Users/myuser/.npmrc".
verbose 0.258899667 Checking for configuration file "/usr/local/etc/npmrc".
verbose 0.259174747 Checking for configuration file "/Users/myuser/sites/test-models/.npmrc".
verbose 0.259487532 Found configuration file "/Users/myuser/sites/test-models/.npmrc".
verbose 0.260003161 Checking for configuration file "/Users/myuser/sites/.npmrc".
verbose 0.260246617 Checking for configuration file "/Users/myuser/.npmrc".
verbose 0.260455656 Found configuration file "/Users/myuser/.npmrc".
verbose 0.260965719 Checking for configuration file "/Users/.npmrc".
verbose 0.263449669 Checking for configuration file "/Users/myuser/sites/test-models/.yarnrc".
verbose 0.263757077 Checking for configuration file "/Users/myuser/.yarnrc".
verbose 0.264027657 Found configuration file "/Users/myuser/.yarnrc".
verbose 0.264629421 Checking for configuration file "/usr/local/etc/yarnrc".
verbose 0.264905752 Checking for configuration file "/Users/myuser/sites/test-models/.yarnrc".
verbose 0.265187834 Checking for configuration file "/Users/myuser/sites/.yarnrc".
verbose 0.265428211 Checking for configuration file "/Users/myuser/.yarnrc".
verbose 0.265682381 Found configuration file "/Users/myuser/.yarnrc".
verbose 0.26612276 Checking for configuration file "/Users/.yarnrc".
verbose 0.268430721 current time: 2020-07-15T16:04:57.727Z
[1/4] Bumping version...
info Current version: 0.0.3
question New version:
info Proceeding with current version: 0.0.3
[2/4] Logging in...
[3/4] Publishing...
verbose 3.449685972 Performing "PUT" request to "https://npm.pkg.github.com/#myuser/test-models".
verbose 3.757506429 Request "https://npm.pkg.github.com/#myuser/test-models" finished with status code 401.
verbose 3.760342835 Error: Couldn't publish package: "https://npm.pkg.github.com/#myuser/test-models: Your request could not be authenticated by the GitHub Packages service. Please ensure your access token is valid and has the appropriate scopes configured."
at MessageError.ExtendableBuiltin (/usr/local/Cellar/yarn/1.10.1/libexec/lib/cli.js:243:66)
at new MessageError (/usr/local/Cellar/yarn/1.10.1/libexec/lib/cli.js:272:123)
at /usr/local/Cellar/yarn/1.10.1/libexec/lib/cli.js:80723:13
at Generator.throw (<anonymous>)
at step (/usr/local/Cellar/yarn/1.10.1/libexec/lib/cli.js:98:30)
at /usr/local/Cellar/yarn/1.10.1/libexec/lib/cli.js:111:13
at processTicksAndRejections (internal/process/task_queues.js:97:5)
error Couldn't publish package: "https://npm.pkg.github.com/#myuser/test-models: Your request could not be authenticated by the GitHub Packages service. Please ensure your access token is valid and has the appropriate scopes configured."
info Visit https://yarnpkg.com/en/docs/cli/publish for documentation about this command.
Yarn config:
$ yarn config list
yarn config v1.10.1
info yarn config
{
'version-tag-prefix': 'v',
'version-git-tag': true,
'version-commit-hooks': true,
'version-git-sign': false,
'version-git-message': 'v%s',
'init-version': '1.0.0',
'init-license': 'MIT',
'save-prefix': '^',
'bin-links': true,
'ignore-scripts': false,
'ignore-optional': false,
registry: 'https://registry.yarnpkg.com',
'strict-ssl': true,
'user-agent': 'yarn/1.10.1 npm/? node/v13.11.0 darwin x64',
lastUpdateCheck: 1594760187916
}
info npm config
{
'//registry.npmjs.org/:_authToken': '<auth_token1_here>',
'#myuser:registry': 'https://npm.pkg.github.com',
'//npm.pkg.github.com/:_authToken': '<auth_token2_here>',
python: '/usr/bin/python'
}
✨ Done in 0.11s.
All my config files:
$ cat /Users/myuser/.npmrc
//registry.npmjs.org/:_authToken=[my-npm-token]
$ cat /Users/myuser/sites/test-models/.npmrc
#myuser:registry=https://npm.pkg.github.com
//npm.pkg.github.com/:_authToken=[my-github-token]
$ cat /Users/myuser/.npmrc
//registry.npmjs.org/:_authToken=[my-npm-token]
$ cat /Users/myuser/.yarnrc
# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
# yarn lockfile v1
lastUpdateCheck 1594760187916
For npm.pkg.github.com/:_authToken, you could try and use the third type of token which is just released yesterday (Oct. 2nd, 2020):
npm automation tokens
npm is introducing a new setting for access tokens to support publishing to the npm registry from CI/CD workflows.
Previously, you could create an access token with one of two settings: read-only, and publish.
A publish token allows you to publish packages, like the name implies, but if you have two-factor authentication (2FA) enabled on your account, you'll be prompted for your one-time passcode.
We recommend that people set up 2FA on their account for added security, but requiring a passcode means that all publishing must be done interactively. Many people want to automate their publish step with a CI/CD workflow.
Today, we've added a third option for access tokens: automation. You can create an automation token in your access token settings page.
Using an automation token will not prompt for a one-time passcode, meaning that you can use it as a secret in your publish workflow. Now you can publish a package directly to the npm registry when you cut a release.
If you're a package maintainer, and you want to require that publishers to your package continue to use two-factor authentication and publish interactively, you can do that in the package settings.
If you already required 2FA, there's no change to this behavior; automation tokens won't be accepted unless you allow them to be.
If you've been waiting to enable two-factor authentication on your npm account because it prevented you from publishing in an automated workflow, you can now set up an automation token and enable 2FA.

How can I authenticate a npm registry with azure devops build pipeline?

I have an app I'm creating a build pipeline for in Azure DevOps. It uses npm packages which are in a private npm registry (with code created from a different Azure DevOps organisation). When I run npm ci (or npm install) it fails with the following error:
npm ERR! code E401
npm ERR! Unable to authenticate, need: Bearer authorization_uri=https://login.windows.net/b2d01466-6e2c-4b55-8b90-e3ed41afca4a, Basic realm="https://pkgsproduks1.pkgs.visualstudio.com/", TFS-Federated
The specific packages which fail are the ones from the other organisation, which return a 401 when trying to get them.
I thought the best practice to authenticate this was to create a Service Connection within Azure DevOps. I've created a Personal Access Token within the organisation which hosts the npm packages, and used it to create a Service Connection in the organisation which contains my build pipeline. I then included it in my build pipeline yaml as follows:
- task: Npm#1
displayName: Install npm packages
inputs:
command: 'ci'
workingDir: 'Path/To/Working/Directory'
customEndpoint: 'Custom npm registry'
I've also tried using the npm authenticate build step before this (both with and without the customEndpoint: 'Custom npm registry' in the install step) and while the npm authenticate runs successfully it doesn't make any difference to the error I'm getting. I've also tried setting up the Service Connection to use my username and password rather than a PAT, but that made no difference either.
The .npmrc within my project is as follows (modified slightly):
registry=https://registry.npmjs.org/
#{scope}:registry=https://pkgs.dev.azure.com/{organisation}/_packaging/{feedName}/npm/registry/
#{scope}:always-auth=true
Can anyone see what's wrong with the authentication, or link to an article giving an example of doing this across multiple Azure DevOps organisations?
I just killed a few hours troubleshooting a similar NPM authentication issue with a hosted build agent for Azure DevOps.
I did have the NPM Authenticate job in the pipline, and I was still experiencing this error:
npm ERR! code E401
npm ERR! Unable to authenticate, your authentication token seems to be invalid.
npm ERR! To correct this please trying logging in again with:
npm ERR! npm login
As it turned, the project had a mixture of https://pkgs.dev.azure.com/<myorg>/_packaging and https://<myorg>.pkgs.visualstudio.com/_packaging (the legacy URL for the same NPM registry) in scattered .npmrc files.
Making them all to consistently use https://pkgs.dev.azure.com/<myorg>/_packaging had solved my problem.
The .npmrc should look like:
registry=https://pkgs.dev.azure.com/{organization}/{project}/_packaging/{feed}/npm/registry/
#{scope}:registry=https://pkgs.dev.azure.com/{otherorganization}/_packaging/{feed}/npm/registry/
#{otherscope}:registry=https://{thirdPartyRepository}/npm/registry/
always-auth=true

npm publish azure artifacts

I'm trying to publish a scoped package to a private azure devops artifact feed. I followed the instructions here. I have a project .npmrc with the following entries:
#my-scope:registry=https://pkgs.dev.azure.com/my-org/_packaging/my-feed/npm/registry/
#my-scope:always-auth=true
In my global user .npmrc I have the following entries:
prefix=/usr/local
strict-ssl=false
unsafe-perm=true
//registry.npmjs.org/:_authToken="my-real-token"
//pkgs.dev.azure.com/my-org/_packaging/my-feed/npm/registry/:username=${NPM_USERNAME}
//pkgs.dev.azure.com/my-org/_packaging/my-feed/npm registry/:_password="my-real-base64-token"
//pkgs.dev.azure.com/my-org/_packaging/my-feed/npm/registry/:email=${NPM_EMAIL}
//pkgs.dev.azure.com/my-org/_packaging/my-feed/npm/registry/:always-auth=true
#my-scope:registry=https://pkgs.dev.azure.com/my-org/_packaging/my-feed/npm/registry/
//pkgs.dev.azure.com/my-org/_packaging/my-feed/npm registry/:_authToken="my-real-base64-token"
cafile=${NPM_CERT_LOCATION}
When I try: npm publish I get the following error:
Unable to authenticate, need: Bearer authorization_uri=https://login.windows.net/some-guid, Basic realm="https://pkgsprodcus1.pkgs.visualstudio.com/", TFS-Federated
Based on previous posts I see that I might need to do npm login. Executing npm login gives me this error:
npm verb node v6.9.2
npm verb npm v6.8.0
npm ERR! code E400
npm ERR! 400 Bad Request - PUT https://pkgs.dev.azure.com/my-org/_packaging/my-feed/npm/registry/-/user/org.couchdb.user:my-username
I looked at this and this which seemed to be related. However, neither of them worked.
I've tried: curl and curl -u which gave me the following error:
{"$id":"1","innerException":null,"message":"TF400813: Resource not available for anonymous access. Client authentication required.","typeName":"Microsoft.TeamFoundation.Framework.Server.UnauthorizedRequestException, Microsoft.TeamFoundation.Framework.Server","typeKey":"UnauthorizedRequestException","errorCode":0,"eventId":3000}%
I'v also tried with a proxy and a cert. However, with the same results.
This is a bit old, not sure if you are still stuck, but for Windows you can use this npm package: https://www.npmjs.com/package/vsts-npm-auth:
npm install -g vsts-npm-auth
vsts-npm-auth -config path-to-your\.npmrc
Here is a more complete article from Azure DevOps that walks you through setup, .npmrc and auth and publishing: https://learn.microsoft.com/en-us/azure/devops/artifacts/npm/npmrc?view=azure-devops&tabs=windows:
If you are developing on Linux or Mac, vsts-npm-auth is not supported and we recommend generating a token in the following manner for your $HOME/.npmrc
The Connect to feed dialog box generates an appropriately formatted token that you can place into your .npmrc file with a lifespan of 90 days.
From Azure Artifacts, select Connect to feed.
Select npm.
Select Generate npm credentials. Copy the credentials to add them to your user .npmrc file manually. For Windows this is in %USERPROFILE%.npmrc and can be useful if the above method doesn't work. For Linux it is in $HOME/.npmrc.

Nexus OSS 3 - npm install requires npm login

We've started using Nexus OSS 3 as a standalone NPM server and so far it's working great but there's one thing that makes little sense to me, and that is the requirement to do the npm login before being able to npm install self published packages.
We're following the proposed repository structure:
npm_proxy - to use as proxy toward npm public repo
npm_private_internal - to use to upload self created internal packages
npm_private_external - to use to upload 3rd party packages
npm_group - to wrap all of them together so they're reachable with one URL
Now I understand that npm login should be required when publishing a new package, but why is it required when doing npm install of one of the self published packages, and can it be avoided ?
It's not required if you allow anonymous read privileges to your npm repositories. But I guess you've not given these privileges to the anonymous user?
If so, the alternative would be to base64 encode the needed credentials in your .npmrc file as described here:
https://books.sonatype.com/nexus-book/reference/npm-deploying-packages.html
But using npm login would be preferable.

Unauthorized Access in NPM Proxy repository in Nexus

I have created a proxy of NPM repository (https://registry.npmjs.org/) in my local machine.
But when I install the bower module of node.js using the proxy repository by the command:
npm install bower
it's giving "unauthorized access"
Depending on your Nexus setup you might have to configure security to be able to allow downloads. This is documented in the NPM chapter of the Nexus documentation.
You just have to add always-auth=true in your .npmrc ! Referring to the documentation
In my case I had to activate npm Bearer Token Realm in nexus administration panel.