npm

Check out our latest tech talk, "JavaScript Supply Chain Security" presented by VP of Security, Adam Baldwin.Watch it here »

verdaccio-github-oauth-ui

1.7.3 • Public • Published

📦🔐 Verdaccio GitHub OAuth UI

A GitHub OAuth Plugin for Verdaccio – https://www.verdaccio.org

Version License Issues CircleCI Dependencies LGTM

About

The plugin is similar to verdaccio-github-oauth, but also changes the UI login behaviour. When clicking the login button, instead of filling in a login form, you are asked to log in with GitHub.

In case you need CLI support for automation purposes, the plugin is also compatible with sinopia-github-oauth-cli.

Install

$ npm install verdaccio-github-oauth-ui

Configuration

Verdaccio Config

Merge the below options with your existing Verdaccio configuration:

middlewares:
  github-oauth-ui:
    client-id: $GITHUB_OAUTH_CLIENT_ID # required
    client-secret: $GITHUB_OAUTH_CLIENT_SECRET # required
 
auth:
  github-oauth-ui:
    org: $GITHUB_OAUTH_ORG # required, people within this org will be able to auth

The values for client-id and client-secret can either be an environment variable name or the value itself.

GitHub Config

When creating the OAuth app at https://github.com/settings/developers, the callback URL should be:

YOUR_REGISTRY_URL/-/oauth/callback

If url_prefix is specified in the Verdaccio config then it must match the YOUR_REGISTRY_URL.

How to Login

Verdaccio

Click the login button and login at GitHub, if not already logged in.

Authorize the registry. Important: When using a private GitHub org, make sure to click the Request button for read:org access. See #5.

After successful login and authorization, you're redirected back to the verdaccio registry.

Command Line

To set up authentication with the registry in your npm CLI, you'll need to run the commands shown in the header:

To verify that the authentication token is set up correctly, run the following command:

$ npm whoami --registry YOUR_REGISTRY_URL
n4bb12

If you see your GitHub username, you are ready to start publishing packages.

Unless the token is revoked by you in the GitHub settings, it never expires.

install

npm i verdaccio-github-oauth-ui

Downloadsweekly downloads

118

version

1.7.3

license

MIT

homepage

github.com

repository

Gitgithub

last publish

collaborators

  • avatar
Report a vulnerability