verdaccio: HTTP 400 when using jwt

Describe the bug

If i enable jwt (which is enabled for web ui by default) i always get a 400 bad request reponse whenever i try to use the jwt auth token. There is no log entry for the request.

To Reproduce

  1. configure bitbucket-server as auth
  2. push a package
  3. login to webui
  4. view browser console for 400 error

Expected behavior jwt auth should just work with any auth module

Screenshots If applicable, add screenshots to help explain your problem.

Docker || Kubernetes (please complete the following information):

  • Docker verdaccio tag: [e.g. verdaccio:4.x]
  • Docker commands [e.g. docker pull …]
  • Docker Version [e.g. v18.05.0-ce-rc1] 18.09.9 / Rancher v1.6.28

https://github.com/VisualOn/docker-images/tree/master/docker/verdaccio

Configuration File (cat ~/.config/verdaccio/config.yaml)

storage: /verdaccio/storage/data
plugins: /verdaccio/plugins

web:
  title: Verdaccio

auth:
  bitbucket-server:
    url: "http://server.bitbucket:7990"
    allow: "stash-users" # optional; default = ""

# a list of other known repositories we can talk to
uplinks:
  npmjs:
    url: https://registry.npmjs.org/
  pkg:
    url: https://server.proget/npm/vo-npm/

packages:
  '@vo/*':
    # scoped packages
    access: $authenticated
    publish: $authenticated
    unpublish: $authenticated
    proxy: pkg
    storage: vo
    
  '@*/*':
    # scoped packages
    access: $all
    publish: $authenticated
    unpublish: $authenticated
    proxy: npmjs
    storage: npmjs

  '**':
    access: $all
    publish: $authenticated
    unpublish: $authenticated
    proxy: npmjs    
    storage: npmjs

middlewares:
  audit:
    enabled: true

# log settings
logs:
  - { type: stdout, format: pretty, level: http }
  - { type: file, path: /verdaccio/storage/verdaccio.log, format: pretty-timestamped, level: debug }

experiments:
  # support for npm token command
  token: true

Environment information

System: OS: Linux 5.0 Alpine Linux undefined CPU: (8) x64 AMD Opteron™ Processor 6380 Binaries: Node: 10.16.3 - /usr/local/bin/node Yarn: 1.17.3 - /usr/local/bin/yarn npm: 6.9.0 - /usr/local/bin/npm

Debugging output

  • $ NODE_DEBUG=request verdaccio display request calls (verdaccio <–> uplinks)
  • $ DEBUG=express:* verdaccio enable extreme verdaccio debug mode (verdaccio api)
  • $ npm -ddd prints:
  • $ npm config get registry prints:

Additional context

About this issue

  • Original URL
  • State: closed
  • Created 5 years ago
  • Comments: 19 (8 by maintainers)

Most upvoted comments

Sounds good. Please let us know then what we can do to prevent or help others with this issue in the future (either by documenting it or solving it in verdaccio).

+2
DanielRuf on Dec 30, 2019

Not yet, sorry. Have a lot of other work to do. Maybe i can try it next year (begining).

+1
viceice on Dec 30, 2019

Was your issue resolved by applying the change from your last comment?

using roleTypes reduces the number of groups now:

+1
DanielRuf on Dec 28, 2019
Read more comments on GitHub
← verdaccio: Error: EPERM: operation not permitted, unlink on npm install
verdaccio: latest tag is incorrect →