search

OpenWaterFoundation / owf-app-infomapper-ng

Open Water Foundation InfoMapper web application for menu-driven maps and visualizations, using Angular
GNU General Public License v3.0
1 stars 2 forks source link

npm install using library package has an error #371

Closed smalers closed 2 years ago

smalers commented 3 years ago

I did a pull on this repository for the Poudre Basin Information application. Then I ran npm install and get:

npm install
npm ERR! code E401
npm ERR! 401 Unauthorized: @openwaterfoundation/common@0.0.1-alpha.6

npm ERR! A complete log of this run can be found in:
npm ERR!     C:\Users\sam\AppData\Roaming\npm-cache\_logs\2021-04-15T04_56_04_915Z-debug.log
smalers commented 3 years ago

I read Josh's information about packages on issue #370. Here is my feedback based on my notes. I am using Git Bash.

I did not see any mention of npm login in the InfoMapper README. I searched for npmrc using the browser find feature. I think it needs to be in the README of probably every product README that uses GitHub packages and troubleshooting section if that exists in documentation. After working through the following I found the instructions in the package README. I suggest that the InfoMapper README should mention more explicitly how to find the relevant information in the package README.

I first tried doing a pull and npm install without logging in. I get the following, which is similar to before and expected because I did not do npm login yet.

npm install
npm ERR! code E401
npm ERR! 401 Unauthorized: @OpenWaterFoundation/common@0.0.1-alpha.7

npm ERR! A complete log of this run can be found in:
npm ERR!     C:\Users\sam\AppData\Roaming\npm-cache\_logs\2021-04-16T20_27_26_584Z-debug.log

Next I did npm login as per issue #370, trying my GitHub account password. That did not work and the password is shown in plain text on the screen so not good. Therefore I am going to try the Google Package key for the password. In my GitHub account I looked under SSH and GPG Keys. I clicked on New GPG Key but trying to follow the on-screen information generated an error because I don't know what I am doing. I found this documentation and read the section on generating a new key. GPG is apparently Gnu Privacy Guard. I tried to follow this documentation. I am using git bash with gpg --version output 1.4.22 so I used gpg --gen-key, which works. I used the default of RSA and RSA keysize of 4096 based on the GitHub article. I used a valid time of 1y. This generates a GPG but is this really what I need?

I tried npm login again as above and used the GPG key and get a 401 error. The notes from Josh indicated to enter the "GitHub Package access Token". I assumed this was a GPG but maybe not. So, I'm stuck. What is this token and where do I get it from? Also, there is a link below that is broken in the package README. Maybe that is what I am looking for.

https://github.com/OpenWaterFoundation/owf-app-dev-ng/packages/655009?version=0.0.1-alpha.7#authenticating-to-github-packages

Nightsphere commented 3 years ago

I see now that my documentation on the personal access token is non-existent. I thought we had already created one for you but that was weeks ago now. The personal access token is indeed different from the SSH and GPG keys.

Under Settings, click on Developer Settings near the bottom, in its own section. Then click on Personal access tokens. This should show you the access token that was already created, and what it can do. It won't actually show you the token itself. It might have the warning that you should create a new token anyways, which might be a good thing. Use that as the password in the npm login.

I've had issues using my actual GitHub password on multiple different authentication prompts in the past. Pushing, pulling, npm login, the list goes on. For some reason, tokens have never let me down. As far as showing up in plain text, it just seems that's how the command works, so I'm not sure what to do about that.

smalers commented 3 years ago

I did previously set up a Personal Access Token but forgot about its use. I do see now that I have a keepass with saved token that I have been using for GitHub access. Where I was confused was with the terminology "Package access token". When I try to use my saved token I get:

npm ERR! code E401
npm ERR! Registry returned 401 for PUT on https://npm.pkg.github.com/-/user/org.couchdb.user:smalers: Error authenticating user: Personal Access Token is invalid. Your token must have the `repo` and read:packages` scopes to login to the GitHub Package Registry.

Also, it is important to note that the setting is for the GitHub user account Developer Settings, not the repository or package, which may not be immediately obvious. The token than I am using has ONLY the setting read:packages. This did not work and gives the above error. However, changing to include repo (which auto-selects all sub-choices) and read:packages does indeed work. My takeaway from all this is that the original instructions need to be precise in describing the token as "GitHub account personal access token that has repo and read:packages access permissions." and make sure it is obvious in each repo that uses packages how to configure things properly. Either repeat the information or somehow link to the package repo. The GitHub documentation and other internet resources contain a lot of inaccurate or dated information.

Nightsphere commented 2 years ago

The npm authentication was confirmed as the issue, and the Common Package README, which displays on the Package "home" page, was updated to add more clarity. The home page can be found here. Closing this issue.