[BUG] ENEEDAUTH when authenticating against a registry via mTLS #4765
Closed
2 tasks done
Labels:
- Bug: thing that needs fixing
- Needs Triage: needs review for next steps
- Release 8.x: work is associated with a specific npm 8 release
jenseng added the Bug, Needs Triage and Release 8.x labels on Apr 15, 2022.
jenseng added a commit to jenseng/config that referenced this issue on Jul 12, 2022:
RFC: npm/rfcs#591
See also: npm/npm-registry-fetch#125
By itself this change doesn't do much, but it enables us to resolve npm/cli#4765 and surface these options anywhere else they may be needed.
jenseng added a commit to jenseng/cli that referenced this issue on Jul 12, 2022:
Closes npm#4765
RFC: npm/rfcs#591
While this doesn't directly allow top-level cert/key as credentials (per the original issue), it's a more targeted/secure approach that accomplishes the same end-result; the new options are scoped to a specific registry, and the actual cert/key contents are much less likely to be exposed. See the RFC for more context.
Depends on:
* npm/npm-registry-fetch#125
* npm/config#69
wraithgar pushed a commit to npm/config that referenced this issue on Jul 18, 2022:
RFC: npm/rfcs#591
See also: npm/npm-registry-fetch#125
By itself this change doesn't do much, but it enables us to resolve npm/cli#4765 and surface these options anywhere else they may be needed.
fritzy pushed a commit that referenced this issue on Jul 20, 2022:
Closes #4765
RFC: npm/rfcs#591
While this doesn't directly allow top-level cert/key as credentials (per the original issue), it's a more targeted/secure approach that accomplishes the same end-result; the new options are scoped to a specific registry, and the actual cert/key contents are much less likely to be exposed. See the RFC for more context.
Depends on:
* npm/npm-registry-fetch#125
* npm/config#69
Is there an existing issue for this?
This issue exists in the latest npm version
Current Behavior
If you have a custom registry that authenticates clients via mTLS (i.e. client cert/key in your .npmrc), you cannot publish unless you also specify some credentials, due to this check.
If your registry also validates any provided Authorization headers, the publish may fail if the credentials are invalid. Depending on the registry, this may not be configurable, so you might need to doubly authenticate (mTLS AND credentials).
Expected Behavior
npm publish with just a cert + key should proceed past this check.
If this gets fixed, future work for npm/npm-registry-fetch#38 should also take it into account.
Steps To Reproduce
No response
Environment
No response
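The distinction drawn by the issue and by the fix's commit message, as an added example (not npm's own code): a small audit of .npmrc text that reports whether a registry has token or mTLS credentials scoped to it, and whether top-level cert/key are set. The `:certfile`/`:keyfile` key names follow RFC npm/rfcs#591; the host name, file paths and the simplified prefix matching are assumptions.

```javascript
// Added example, not npm's implementation. Hosts and paths are constructed.

// Parse .npmrc text into a flat key -> value map (comments and blanks skipped).
function parseNpmrc(text) {
  const conf = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith('#') || line.startsWith(';')) continue;
    const eq = line.indexOf('=');
    if (eq === -1) continue;
    conf[line.slice(0, eq).trim()] = line.slice(eq + 1).trim();
  }
  return conf;
}

// Reduce a registry URL to the "//host/path/" prefix used by scoped keys.
// Simplification: only the exact path is tried, not its parent paths.
function scopePrefix(registryUrl) {
  const u = new URL(registryUrl);
  const path = u.pathname.endsWith('/') ? u.pathname : u.pathname + '/';
  return `//${u.host}${path}`;
}

// Report which credentials are scoped to this registry, and flag top-level
// cert/key, which are not tied to any one registry.
function auditRegistryAuth(npmrcText, registryUrl) {
  const conf = parseNpmrc(npmrcText);
  const prefix = scopePrefix(registryUrl);
  const has = (k) => Boolean(conf[`${prefix}:${k}`]);
  const token = has('_authToken') || has('_auth') ||
    (has('username') && has('_password'));
  const mtls = has('certfile') && has('keyfile'); // both halves are required
  return {
    prefix,
    token,
    mtls,
    globalCertKey: Boolean(conf.cert || conf.key),
    authenticated: token || mtls, // models the outcome the fix describes
  };
}

// Constructed sample inputs: top-level inline PEM vs. registry-scoped files.
const LEGACY = 'registry=https://npm.internal.example/\ncert="<inline PEM>"\nkey="<inline PEM>"';
const SCOPED = [
  'registry=https://npm.internal.example/',
  '//npm.internal.example/:certfile=/etc/npm/client.crt',
  '//npm.internal.example/:keyfile=/etc/npm/client.key',
].join('\n');
```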