Skip to content

Commit

Permalink
feat: separate login/adduser, remove auth types
Browse files Browse the repository at this point in the history
BREAKING CHANGE: This removes all `auth-type` configs except `web` and
`legacy`.

BREAKING CHANGE: Finally, `login` and `adduser` are now separate
commands that send different data to the registry.

BREAKING CHANGE: `auth-type` config values `web` and `legacy` only try
their respective methods, npm no longer tries them all and waits to see
which one doesn't fail.

The difference between `adduser` and `login` depends on the `auth-type`.

 - `web`: the POST to `/-/v1/login` contains a `{ create: true }` value
   in its payload for `adduser`
 - `legacy` the `PUT` request  to `/-/user/org.couchdb.user:${username}`
   contains an `email` value in its payload for `adduser`.
  • Loading branch information
wraithgar committed Sep 21, 2022
1 parent dcc3765 commit c860c61
Show file tree
Hide file tree
Showing 29 changed files with 645 additions and 1,329 deletions.
27 changes: 7 additions & 20 deletions docs/content/commands/npm-adduser.md
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ description: Add a registry user account
```bash
npm adduser

aliases: login, add-user
alias: add-user
```

<!-- automatically generated, do not edit manually -->
Expand All @@ -25,22 +25,12 @@ Note: This command is unaware of workspaces.

### Description

Create or verify a user named `<username>` in the specified registry, and
save the credentials to the `.npmrc` file. If no registry is specified,
the default registry will be used (see [`config`](/using-npm/config)).
Create a new user in the specified registry, and save the credentials to
the `.npmrc` file. If no registry is specified, the default registry
will be used (see [`config`](/using-npm/config)).

The username, password, and email are read in from prompts.

To reset your password, go to <https://www.npmjs.com/forgot>

To change your email address, go to <https://www.npmjs.com/email-edit>

You may use this command multiple times with the same user account to
authorize on a new machine. When authenticating on a new machine,
the username, password and email address must all match with
your existing record.

`npm login` is an alias to `adduser` and behaves exactly the same way.
When using `legacy` for your `auth-type`, the username, password, and
email are read in from prompts.

### Configuration

Expand Down Expand Up @@ -93,10 +83,7 @@ npm init --scope=@foo --yes
#### `auth-type`

* Default: "legacy"
* Type: "legacy", "web", "sso", "saml", "oauth", or "webauthn"

NOTE: auth-type values "sso", "saml", "oauth", and "webauthn" will be
removed in a future version.
* Type: "legacy" or "web"

What authentication strategy to use with `login`.

Expand Down
110 changes: 110 additions & 0 deletions docs/content/commands/npm-login.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,110 @@
---
title: npm-login
section: 1
description: Login to a registry user account
---

### Synopsis

<!-- AUTOGENERATED USAGE DESCRIPTIONS START -->
<!-- automatically generated, do not edit manually -->
<!-- see lib/commands/login.js -->

```bash
npm login
```

<!-- automatically generated, do not edit manually -->
<!-- see lib/commands/login.js -->

<!-- AUTOGENERATED USAGE DESCRIPTIONS END -->

Note: This command is unaware of workspaces.

### Description

Verify a user in the specified registry, and save the credentials to the
`.npmrc` file. If no registry is specified, the default registry will be
used (see [`config`](/using-npm/config)).

When using `legacy` for your `auth-type`, the username and password, are
read in from prompts.

To reset your password, go to <https://www.npmjs.com/forgot>

To change your email address, go to <https://www.npmjs.com/email-edit>

You may use this command multiple times with the same user account to
authorize on a new machine. When authenticating on a new machine,
the username, password and email address must all match with
your existing record.

### Configuration

<!-- AUTOGENERATED CONFIG DESCRIPTIONS START -->
<!-- automatically generated, do not edit manually -->
<!-- see lib/utils/config/definitions.js -->
#### `registry`

* Default: "https://registry.npmjs.org/"
* Type: URL

The base URL of the npm registry.

<!-- automatically generated, do not edit manually -->
<!-- see lib/utils/config/definitions.js -->

#### `scope`

* Default: the scope of the current project, if any, or ""
* Type: String

Associate an operation with a scope for a scoped registry.

Useful when logging in to or out of a private registry:

```
# log in, linking the scope to the custom registry
npm login --scope=@mycorp --registry=https://registry.mycorp.com
# log out, removing the link and the auth token
npm logout --scope=@mycorp
```

This will cause `@mycorp` to be mapped to the registry for future
installation of packages specified according to the pattern
`@mycorp/package`.

This will also cause `npm init` to create a scoped package.

```
# accept all defaults, and create a package named "@foo/whatever",
# instead of just named "whatever"
npm init --scope=@foo --yes
```


<!-- automatically generated, do not edit manually -->
<!-- see lib/utils/config/definitions.js -->

#### `auth-type`

* Default: "legacy"
* Type: "legacy" or "web"

What authentication strategy to use with `login`.

<!-- automatically generated, do not edit manually -->
<!-- see lib/utils/config/definitions.js -->

<!-- AUTOGENERATED CONFIG DESCRIPTIONS END -->

### See Also

* [npm registry](/using-npm/registry)
* [npm config](/commands/npm-config)
* [npmrc](/configuring-npm/npmrc)
* [npm owner](/commands/npm-owner)
* [npm whoami](/commands/npm-whoami)
* [npm token](/commands/npm-token)
* [npm profile](/commands/npm-profile)
30 changes: 1 addition & 29 deletions docs/content/using-npm/config.md
Original file line number Diff line number Diff line change
Expand Up @@ -218,10 +218,7 @@ exit code.
#### `auth-type`

* Default: "legacy"
* Type: "legacy", "web", "sso", "saml", "oauth", or "webauthn"

NOTE: auth-type values "sso", "saml", "oauth", and "webauthn" will be
removed in a future version.
* Type: "legacy" or "web"

What authentication strategy to use with `login`.

Expand Down Expand Up @@ -2084,31 +2081,6 @@ Alias for --package-lock
<!-- automatically generated, do not edit manually -->
<!-- see lib/utils/config/definitions.js -->

#### `sso-poll-frequency`

* Default: 500
* Type: Number
* DEPRECATED: The --auth-type method of SSO/SAML/OAuth will be removed in a
future version of npm in favor of web-based login.

When used with SSO-enabled `auth-type`s, configures how regularly the
registry should be polled while the user is completing authentication.

<!-- automatically generated, do not edit manually -->
<!-- see lib/utils/config/definitions.js -->

#### `sso-type`

* Default: "oauth"
* Type: null, "oauth", or "saml"
* DEPRECATED: The --auth-type method of SSO/SAML/OAuth will be removed in a
future version of npm in favor of web-based login.

If `--auth-type=sso`, the type of SSO type to use.

<!-- automatically generated, do not edit manually -->
<!-- see lib/utils/config/definitions.js -->

#### `tmp`

* Default: The value returned by the Node.js `os.tmpdir()` method
Expand Down
3 changes: 3 additions & 0 deletions docs/nav.yml
Original file line number Diff line number Diff line change
Expand Up @@ -96,6 +96,9 @@
- title: npm link
url: /commands/npm-link
description: Symlink a package folder
- title: npm login
url: /commands/npm-login
description: Login to a registry user account
- title: npm logout
url: /commands/npm-logout
description: Log out of the registry
Expand Down
100 changes: 0 additions & 100 deletions lib/auth/legacy.js

This file was deleted.

8 changes: 0 additions & 8 deletions lib/auth/oauth.js

This file was deleted.

8 changes: 0 additions & 8 deletions lib/auth/saml.js

This file was deleted.

Loading

0 comments on commit c860c61

Please sign in to comment.