Yarn authentication not working

[ameesme]

Hi. We've been running Sinopia for a while and recently switched to Verdaccio as a private registry.

I looked into Yarn, but didn't get this to work with Verdaccio. Yarn's authentication flow is as follows:

• yarn login
• Enter username and email
• yarn install
• Enter password if needed
• Authenticated

However, this method of authentication does not seem to work. The following error is thrown:
Error: https://*.*/isomorphic-fetch: unregistered users are not allowed to access package isomorphic-fetch

I'm not sure whether this is an issue with Yarn or Verdaccio. Do any of you have experiences with using the combination of the two?

[Nicholaiii]

Yarn is a completely different beast than NPM. While I would like to use this approach as well, I think it's a lot more work than simply just doing it.

[qballer]

Can we have a yarn connector for verdaccio?
It's a PR and development, I know. Yarn is just so much faster.

[ameesme]

I am interested in contributing to resolve this issue. Are there any guidelines available?

[qballer]

@ameesme can I help, I also would like yarn to work well with sinopia. Testing it as we speak.

[jonaskello]

According to this PR and this PR yarn should work with scoped packages on private repositories the same way npm does (with autentication information in .npmrc). However I just tested the nightly build of yarn (0.18.0-20161127.0346) and it does not work. I get the same error as in the first comment. I guess this is a problem with yarn rather than verdaccio.

[jonaskello]

I started to monitor things with tcpdump to see what was going wrong, and suddenly it just stared working. So now the nightly build of yarn (0.18.0-20161127.0346) is working and installing packages from verdaccio for me :-).

[jonaskello]

Seems it only works if you have prefixed the registry with a scope in .npmrc. Like this:

@foo:registry=https://my.reg.com/

If I omit the @foo: part it gives the same error as in the first comment (unregistered users are not allowed to access package).

[agrcrobles]

Thanks @jonaskello prefixing fixes it!

[zifeo]

Is this still working with latest yarn? I'm currently facing:

verdaccio_1  |  http  --> 404, req: 'GET https://registry.npmjs.org/@scope%2Fpackage', bytes: 0/21
verdaccio_1  |  http  <-- 200, user: test, req: 'GET /@scope%2fpackage', bytes: 0/1145
verdaccio_1  |  http  <-- 403, user: undefined, req: 'GET /@scope%2fpackage/-/package-0.1.2.tgz', error: unregistered users are not allowed to access package @scope/package

Fetching the archive does not seem to be done as registered user.

[ameesme]

@zifeo
You seem to have a different issue. The first request is a 404, so I assume that the module does not exist.

EDIT: Just noticed this is the intended behaviour as the package is probably on your Verdaccio-instance.

[zifeo]

@ameesme NPM works fine on this case. Is this the regular way of using scoped packages?

[zifeo]

@ameesme Yes, the scoped package is on Verdaccio's side. Shall I open another issue for it even though the issue seems to be the yarn authentification?

[ahmadsholehin]

@zifeo Sorry for resurrecting. Did you manage to solve the issue you faced?
I faced similar issue in which fetching the archive is not done as a registered user.

http <-- 200, user: mudd(192.168.1.1 via 172.17.0.1), req: 'GET /@datavis%2ftransformer', bytes: 0/798
http <-- 403, user: undefined(192.168.1.1 via 172.17.0.1), req: 'GET /@datavis%2ftransformer/-/transformer-0.0.1.tgz', error: unregistered users are not allowed to access package @datavis/transformer

I'm using sinopia-gitlab-heres for auth.

UPDATE: For anyone facing this issue, put a always-auth=true line in ~/.npmrc. This will solve the issue above.

[lock]

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.