uv: HTTP 401 Unauthorized for private package index

Hello! Very excited for this project ❤️

Installing a package from a private azure package index (Azure Artifacts) seems to be failing with a HTTP status client error (405 Method Not Allowed):

uv pip install --extra-index-url "https://<FEED_NAME>:<PERSONAL_ACCESS_TOKEN>@pkgs.dev.azure.com/<ORGANIZATION_NAME>/_packaging/<FEED_NAME>/pypi/simple/" package-name                                          
error: Failed to download: package-name==X.Y.Z
  Caused by: HTTP status client error (405 Method Not Allowed) for url (pkgs.dev.azure.com/<ORGANIZATION_NAME>/_packaging/.../pypi/download/package-name/X.Y.Z/package_name-X.Y.Z-py3-none-any.whl#[sha256=])

The equivalent pip-native command works as expected

python -m pip install --extra-index-url "https://<FEED_NAME>:<PERSONAL_ACCESS_TOKEN>@pkgs.dev.azure.com/<ORGANIZATION_NAME>/_packaging/<FEED_NAME>/pypi/simple/" package-name

About this issue

Original URL
State: closed
Created 5 months ago
Reactions: 13
Comments: 16 (8 by maintainers)

Commits related to this issue

Ensure authentication is passed from the index url to distribution files (#1886) Closes https://github.com/astral-sh/uv/issues/1709 Closes https://github.com/astral-sh/uv/issues/1371 Tested with ... — committed to astral-sh/uv by zanieb 4 months ago

Most upvoted comments

Yep this is a priority for me next week!

zanieb on Feb 18, 2024

A fix is up at https://github.com/astral-sh/uv/pull/1886 if anyone wants to give it a try against a private index.

zanieb on Feb 22, 2024

Thank you all!

I can confirm that on uv 0.1.6 this is no longer giving 405 Method Not Allowed but a 401 Unauthorized

uv pip install --extra-index-url "https://<FEED_NAME>:<PERSONAL_ACCESS_TOKEN>@pkgs.dev.azure.com/<ORGANIZATION_NAME>/_packaging/<FEED_NAME>/pypi/simple/" package-name                                          
error: Failed to download: package-name==X.Y.Z
  Caused by: HTTP status client error (401 Unauthorized) for url (pkgs.dev.azure.com/<ORGANIZATION_NAME>/_packaging/.../pypi/download/package-name/X.Y.Z/package_name-X.Y.Z-py3-none-any.whl#[sha256=])

exs-avianello on Feb 21, 2024

Okay, @olivierlefloch fixed HEAD requests, but there’s now an auth problem. @zanieb, do you want to take from here?

charliermarsh on Feb 19, 2024

Verified working on azure artifacts feed using token authentication!!

Incredible work @zanieb, @olivierlefloch and @charliermarsh 🚀

inigohidalgo on Feb 22, 2024

Same for gitlab hosted private package index: getting a 401 Unauthorized. Interestingly, opening the URL in the error message in the browser downloads the package for me without a problem. the url looks like this:

https://gitlab.com/api/v4/groups/<GROUP_NR>/-/packages/pypi/files/<SOME_LONG_HASH>/<PKG_NAME>-py3-none-any.whl#sha256=<PKG_SHA>

gwdekker on Feb 22, 2024

Thank you @zanieb! At least for Azure Artifacts, I am still seeing the same error on 0.1.8 (401 Unauthorized)

exs-avianello on Feb 22, 2024

Thanks and sorry about that – we’ll get this setup internally and see if we can reproduce.

charliermarsh on Feb 18, 2024

I can confirm as well ❤️ Thank you so much!

exs-avianello on Feb 23, 2024

Hi! We just merged a fix with #1874 that’s out in v0.1.8 — let me know if that helps. I’ll continue testing against various private repositories.

zanieb on Feb 22, 2024