uv: HTTP 401 Unauthorized for private package index

Hello! Very excited for this project ❤️

Installing a package from a private azure package index (Azure Artifacts) seems to be failing with a HTTP status client error (405 Method Not Allowed):

uv pip install --extra-index-url "https://<FEED_NAME>:<PERSONAL_ACCESS_TOKEN>@pkgs.dev.azure.com/<ORGANIZATION_NAME>/_packaging/<FEED_NAME>/pypi/simple/" package-name                                          
error: Failed to download: package-name==X.Y.Z
  Caused by: HTTP status client error (405 Method Not Allowed) for url (pkgs.dev.azure.com/<ORGANIZATION_NAME>/_packaging/.../pypi/download/package-name/X.Y.Z/package_name-X.Y.Z-py3-none-any.whl#[sha256=])

The equivalent pip-native command works as expected

python -m pip install --extra-index-url "https://<FEED_NAME>:<PERSONAL_ACCESS_TOKEN>@pkgs.dev.azure.com/<ORGANIZATION_NAME>/_packaging/<FEED_NAME>/pypi/simple/" package-name

About this issue

  • Original URL
  • State: closed
  • Created 5 months ago
  • Reactions: 13
  • Comments: 16 (8 by maintainers)

Commits related to this issue

Most upvoted comments

Yep this is a priority for me next week!

A fix is up at https://github.com/astral-sh/uv/pull/1886 if anyone wants to give it a try against a private index.

Thank you all!

I can confirm that on uv 0.1.6 this is no longer giving 405 Method Not Allowed but a 401 Unauthorized

uv pip install --extra-index-url "https://<FEED_NAME>:<PERSONAL_ACCESS_TOKEN>@pkgs.dev.azure.com/<ORGANIZATION_NAME>/_packaging/<FEED_NAME>/pypi/simple/" package-name                                          
error: Failed to download: package-name==X.Y.Z
  Caused by: HTTP status client error (401 Unauthorized) for url (pkgs.dev.azure.com/<ORGANIZATION_NAME>/_packaging/.../pypi/download/package-name/X.Y.Z/package_name-X.Y.Z-py3-none-any.whl#[sha256=])

Okay, @olivierlefloch fixed HEAD requests, but there’s now an auth problem. @zanieb, do you want to take from here?

Verified working on azure artifacts feed using token authentication!!

Incredible work @zanieb, @olivierlefloch and @charliermarsh 🚀

Same for gitlab hosted private package index: getting a 401 Unauthorized. Interestingly, opening the URL in the error message in the browser downloads the package for me without a problem. the url looks like this:

https://gitlab.com/api/v4/groups/<GROUP_NR>/-/packages/pypi/files/<SOME_LONG_HASH>/<PKG_NAME>-py3-none-any.whl#sha256=<PKG_SHA>

Thank you @zanieb! At least for Azure Artifacts, I am still seeing the same error on 0.1.8 (401 Unauthorized)

Thanks and sorry about that – we’ll get this setup internally and see if we can reproduce.

I can confirm as well ❤️ Thank you so much!

Hi! We just merged a fix with #1874 that’s out in v0.1.8 — let me know if that helps. I’ll continue testing against various private repositories.