JWT token fail to authenticate

[CarlLim94]

Bug Report

Versions

	Version
Verdaccio	v5.26.3
This plugin	verdaccio-github-oauth-ui@6.0.2
Node	v18.14.0

Environment

	Name	Version
Package manager	npm	9.3.1
Browser	-	-
Operating system	ubuntu	22.04.2 LTS

Observed behavior

When running npm whoami or npm publish, getting error 401 although the JWT token is still valid

npm ERR! code E401
npm ERR! Unable to authenticate, your authentication token seems to be invalid.
npm ERR! To correct this please trying logging in again with:
npm ERR!     npm login

Expected behavior

Expecting project will be compressed and upload into s3

Steps to reproduce

• I'm setting up verdaccio by follow this guide

• On web, successful to login and able to see the package I published previously (permission was set the $all previously, published as anonymous, now updated to $authenticated)

• clicked on the configuration, set the registry and access token in gitbash

• then run npm whoami

• I did came across the the troubleshooting section, added the security in the config but still behave the same

Additional context

~/.config/verdaccio/config.yaml

store:
  aws-s3-storage:
    bucket: {bucket-name}
    accessKeyId: {id}
    secretAccessKey: {secret}

middlewares:
  github-oauth-ui:
    enabled: true

auth:
  github-oauth-ui:
    client-id: {id}
    client-secret: {secret}
    token: {token}

uplinks:
  npmjs:
    url: https://registry.npmjs.org/

packages:
  '@*/*':
    access: $authenticated
    publish: $authenticated
    unpublish: $authenticated
    # access: github/orgs/our_org
    # publish: github/orgs/our_org
    # unpublish: github/orgs/our_org
    proxy: npmjs
  '**':
    access: $authenticated
    publish: $authenticated
    unpublish: $authenticated
    # access: github/orgs/our_org
    # publish: github/orgs/our_org
    # unpublish: github/orgs/our_org
    proxy: npmjs

log:
  type: file
  path: /home/ubuntu/logs/debug.log
  level: debug

security:
  api:
    legacy: false
    jwt:
      sign:
        expiresIn: 29d

[n4bb12]

The command should be npm whoami --registry http://localhost:4873, not npm whoami

[CarlLim94]

I had set the registry in .nvmrc already Will try again with that configuration

[CarlLim94]

Hi,

running npm whoami --registry {domain} does get my github username. after that I tried to re-login from the verdaccio UI, then run these commands:

• npm config set //npm.devops.uenrol.me/:_authToken "{jwt token}"
• npm publish --registry {domain}

I'm still getting the error 401 as mentioned above

[n4bb12]

Did you set always-auth? Please see the commands in the UI. Please make sure you performed all the right steps.

[CarlLim94]

Hi,

After you mentioning about the npm whoami require to add in the registry flag I had found out that when I run config set command it set the value in .npmrc which is located in my home directory but when I run npm publish in my project directory, it seems to looking for .npmrc in the project folder therefore it is not authenticating correctly.

Thanks a lot for your assists, currently already able to publish with the correct credential.

[n4bb12]

Great, glad you got it working ✨😀