How should I use artifactory access token for access to npm repo

Robin Southgate picture Robin Southgate · Jul 8, 2017 · Viewed 15.9k times · Source

I would like to use an access token to publish and retrieve from an artifactory npm repo from a CI environment. I have created a Bearer token using the artifactory API but when I try and use that for access in the .npmrc with the format:

//mydomain.jrog.io/:_authToken=myveryverylongaccesstoken
registry=https://mydomain.jfrog.io/mydomain/api/npm/npm

I always receive 401 errors back.

In addition, though perhaps a different issue, if I try to use npm login with my actual artifactory credentials I get the response:

adduser Incorrect username or password
npm WARN adduser You can reset your account by visiting:
npm WARN adduser 
npm WARN adduser     https://npmjs.org/forgot
npm WARN adduser 
npm ERR! code E403
npm ERR! forbidden No oauth npm default login configuration found: org.couchdb.user:myusername

The artifactory docs around access tokens explicitly say this is the sort of use case to set up an access token, but the docs around setting up the npm repo alwyas seem to imply you need a real user account and make no mention of access tokens...

Answer

Arnaud Jeansen picture Arnaud Jeansen · Aug 2, 2017

What is your artifactory version?

The "npm login" way is only supported since 5.4 (aka. _authToken), so if you are below that, your only chance is to authenticate with BASIC authentication (aka. _auth).

Basic authentication is fairly easy to setup, Artifactory provides an easy entry point to help you set up your .npmrc

Launch the following (and do not forget to replace user and encrypted_password with the Artifactory user account you want to authenticate with)

curl -u user:encrypted_password https://mydomain.jfrog.io/mydomain/api/npm/auth

It will output something like

_auth = YourLongBasicAuthToken always-auth = true email = [email protected]

Copy these 3 lines in your .npmrc, and this should work well...