Can i help ?

[jbanety]

Hi @guybedford, I started to test jspm beta 2 and I have this message : "Reauthorization for registry scopes not yet implemented. Please post an issue."

Can i help ?

[guybedford]

Hi @jbanety thanks for letting me know you're hitting this!

If you're interested in contributing that would be a huge help - I'm very much in need of core contributions to the project.

To try to dig into the case - are you using a custom npm registry here, or are you just trying to install from a private scope?

Both cases should be supported, but this error is specifically that the auth information was not found in the npmrc file (or not properly retrieved), and that jspm doesn't yet provide an interactive way to provide npm auth apart from what is already available in the npmrc.

If we can narrow it down I'd be happy to work with you on it further too.

[jbanety]

Hi, I do using a custom private registry run by verdaccio. The auth token is in my .npmrc. This was ok with jspm@beta.

[guybedford]

Thanks for clarifying - this definitely sounds like a bug then to me as opposed to the feature that message is referring to.

Could you share your npmrc file with the auth token blurred out? That would help to see if we can catch the bug here.

The logic exactly in that function should be picking up the auth token, so if you want to debug this, following where in that logic the auth token is being dropped would help.

Also running with --log debug may provide some info on the auth state too.

[jbanety]

Here is my .npmrc :

@fortawesome:registry=https://npm.fontawesome.com/
//npm.fontawesome.com/:_authToken=[...]
@etdsolutions:registry=https://npm.etd-solutions.com/
//npm.etd-solutions.com/:_authToken="[...]"

With debug log :

$ jspm install @etdsolutions/request --log debug

     Installing @etdsolutions/request
     Installing...
     Getting credentials for https://npm.etd-solutions.com/@etdsolutions%2Frequest
     No credentials details found for https://npm.etd-solutions.com.
     GET https://npm.etd-solutions.com/@etdsolutions%2Frequest without auth
warn Invalid authorization for GET https://npm.etd-solutions.com/@etdsolutions%2Frequest.
     Getting credentials for https://npm.etd-solutions.com/@etdsolutions%2Frequest
warn Reauthorization for registry scopes not yet implemented. Please post an issue.
     No credentials details found for https://npm.etd-solutions.com.
     GET https://npm.etd-solutions.com/@etdsolutions%2Frequest without auth
     Looking up @etdsolutions/request
err  Invalid status code 403 looking up @etdsolutions/request. Forbidden
     Resolving npm:@etdsolutions/request@*

And by the way, I have this error TypeError: this.util.log is not a function at https://github.com/jspm/npm/blob/2.0/npm.js#L79, fixed by adding .warn.

[jbanety]

After investigating :

the first problem is at https://github.com/jspm/npm/blob/2.0/npm.js#L85 where you ask for auth only for publish request but my repo is private and closed even for GET request. So I commented this check and I have to add always-auth to my .npmrc to force getting auth token (as for https://github.com/jspm/npm/blob/2.0/npm.js#L117) and it works.

[guybedford]

Amazing thanks @jbanety for the clear report on this! That is so great to know the root cause.

Anytime the registry was determined from a scope authorization it should effectively default into an "always-auth" mode without this needing to be an explicit option on the npmrc. That logic may either be missing or simply not quite working as I implemented it without a private scope registry here to test against myself.

If you're able to work on a PR here I will gladly accept it, otherwise I will fix this as soon as I can.

[jbanety]

Hi @guybedford, I created a PR #175 to fix two issues :

• missing colon for in protocol check so always deny auth for private registry
• always auth if url pathname contains a @ for scoped package.

This PR is also valid for master branch ?