A few months ago I created a private npm feed in Azure Artifacts. Authentication with this feed worked fine.
Recently others have started using this feed and authentication is not working for them using the tokens they have generated from Azure Artifacts. When npm installing they get the following error
npm ERR! Unable to authenticate, your authentication token seems to be
invalid. npm ERR! To correct this please trying logging in again with:
npm ERR! npm login
In the npm debug log there is this error
verbose stack Error: Unable to authenticate, need: Bearer, Basic realm="{{redacted url}}", NTLM
It appears that the structure of the authentication token which we put in the global .npmrc file has changed in Azure Artifacts
From:
; Treat this auth token like a password. Do not share it with anyone, including Microsoft support. This token expires on or before 27/02/2020.
; begin auth token
//{{redacted URL}}/_packaging/{{redacted user name}}/npm/registry/:_authToken={{redacted token string}}
//{redacted URL}}/_packaging/{{redacted user name}}/npm/:_authToken={{redacted token string}}
; end auth token
To
; Treat this auth token like a password. Do not share it with anyone, including Microsoft support. This token expires on or before 14/04/2020.
; begin auth token
//{{redacted url}}/npm/registry/:username={{redacted username}}
//{{redacted url}}/npm/registry/:_password={{redacted password}}
//{{redacted url}}/npm/registry/:email=npm requires email to be set but doesn't use the value
//{{redacted url}}/_packaging/{{redacted username}}/npm/:username={{redacted user name}}
//{{redacted url}}/_packaging/{{redacted username}}/npm/:_password={{redacted password}}
//{{redacted url}}/_packaging/{{redacted username}}/npm/:email=npm requires email to be set but doesn't use the value
; end auth token
When the second token is used (or indeed any of the tokens I now generate from Azure Artifacts), we cannot npm install
, we get the error shown above. If other people use the same token (in the old format) as I have, this works fine. But this token will expire soon.
I have tried providing an email address instead of the strings "npm requires email to be set but doesn't use the value" but this also did not work.
This may be unrelated but we recently upgraded from tfs version 16.131.28507.4 to Azure Devops Server version Dev17.M153.3.
Does anyone know why the authentication token format has changed? And/Or how I can make the new tokens work with my private feed?
npm version: 6.13.0
node version: 10.12.0
Azure Devops Server version: Dev17.M153.3
strict-ssl=false
to the end of your global .npmrc? (or run npm config set strict-ssl false). I was encountering self-signed cerficate error. And fixed by addstrict-ssl=false
. Donot know if it will work for your case? – Levi Lu-MSFT