Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Error 401 unable to authenticate, your authentication token seems to be invalid

See original GitHub issue

Describe the bug

Authentication seems to be broken. I’m not sure what’s happened here, I didn’t update verdaccio, but it’s broken for all versions of npm, so is this an npm issue or a verdaccio issue?

Updating verdaccio to 4.2.2 hasn’t fixed it.

To Reproduce

$ npm i
npm ERR! code E401
npm ERR! Unable to authenticate, your authentication token seems to be invalid.
npm ERR! To correct this please trying logging in again with:
npm ERR!     npm login

$ npm show @wd/build
npm ERR! code E401
npm ERR! Unable to authenticate, your authentication token seems to be invalid.
npm ERR! To correct this please trying logging in again with:
npm ERR!     npm login

Expected behavior

I expect all of the above to work without authentication errors!

Docker || Kubernetes (please complete the following information):

Docker verdaccio tag: verdaccio:4.2.2
Docker Version v18.09.5

Configuration File (cat ~/.config/verdaccio/config.yaml)

storage: /verdaccio/storage
plugins: /verdaccio/plugins
auth:
  htpasswd:
    file: /verdaccio/conf/htpasswd
    # prevent registration of new users
    #max_users: -1
web:
  # WebUI is enabled as default, if you want disable it, just uncomment this line
  #enable: false
  title: Verdaccio
uplinks:
  npmjs:
    url: https://registry.npmjs.org/
packages:
  # access/publish default to none
  '@wd/*':
    access: $authenticated
    publish: simon
    storage: /verdaccio/local_storage
  '@*/*':
    access: $authenticated
    # no publish
    proxy: npmjs
  '**':
    access: $authenticated
    # no publish
    proxy: npmjs

# To use `npm audit` uncomment the following section
middlewares:
  audit:
    enabled: true
logs:
  - {type: stdout, format: pretty, level: debug}

Environment information

Verdaccio 4.2.2 (docker)

Environment Info:

  System:
    OS: Linux 4.9 Alpine Linux undefined
    CPU: (8) x64 Intel(R) Xeon(R) CPU D-1520 @ 2.20GHz
  Binaries:
    Node: 10.16.3 - /usr/local/bin/node
    Yarn: 1.17.3 - /usr/local/bin/yarn
    npm: 6.9.0 - /usr/local/bin/npm

Debugging output

$ npm -ddd prints:

$ npm adduser -ddd --registry=http://npm.systemparadox.co.uk --scope=@wd --always-auth
npm info it worked if it ends with ok
npm verb cli [ '/usr/bin/node',
npm verb cli   '/home/simon/npm/bin/npm',
npm verb cli   'adduser',
npm verb cli   '-ddd',
npm verb cli   '--registry=http://npm.systemparadox.co.uk',
npm verb cli   '--scope=@wd',
npm verb cli   '--always-auth' ]
npm info using npm@6.3.0
npm info using node@v10.15.2
npm verb npm-session 29208124d9c53929
npm verb web login before first POST
npm http request → POST http://npm.systemparadox.co.uk/-/v1/login
npm http 404 ← Not Found (http://npm.systemparadox.co.uk/-/v1/login)
npm verb web login not supported, trying couch 
Username: simon
Password: 
Email: (this IS public) simon@systemparadox.co.uk
npm verb login before first PUT { _id: 'org.couchdb.user:simon',
npm verb login   name: 'simon',
npm verb login   password: 'XXXXX',
npm verb login   type: 'user',
npm verb login   roles: [],
npm verb login   date: '2019-08-28T15:55:20.128Z' }
npm http request → PUT http://npm.systemparadox.co.uk/-/user/org.couchdb.user:simon
npm http 409 ← Conflict (http://npm.systemparadox.co.uk/-/user/org.couchdb.user:simon)
npm http request → GET http://npm.systemparadox.co.uk/-/user/org.couchdb.user:simon?write=true
npm http 200 ← OK (http://npm.systemparadox.co.uk/-/user/org.couchdb.user:simon?write=true)
npm http request → PUT http://npm.systemparadox.co.uk/-/user/org.couchdb.user:simon/-rev/undefined
npm http 201 ← Created (http://npm.systemparadox.co.uk/-/user/org.couchdb.user:simon/-rev/undefined)
npm info login Authorized user simon
Logged in as simon to scope @wd on http://npm.systemparadox.co.uk/.
npm verb exit [ 0, true ]
npm timing npm Completed in 15742ms
npm info ok 
$ npm login -ddd --registry=http://npm.systemparadox.co.uk
npm info it worked if it ends with ok
npm verb cli [ '/usr/bin/node',
npm verb cli   '/home/simon/npm/bin/npm',
npm verb cli   'login',
npm verb cli   '-ddd',
npm verb cli   '--registry=http://npm.systemparadox.co.uk' ]
npm info using npm@6.3.0
npm info using node@v10.15.2
npm verb npm-session ddf35b7c2e480eb7
npm verb web login before first POST
npm http request → POST http://npm.systemparadox.co.uk/-/v1/login
npm http 404 ← Not Found (http://npm.systemparadox.co.uk/-/v1/login)
npm verb web login not supported, trying couch 
Username: simon
Password: 
Email: (this IS public) simon@systemparadox.co.uk
npm verb login before first PUT { _id: 'org.couchdb.user:simon',
npm verb login   name: 'simon',
npm verb login   password: 'XXXXX',
npm verb login   type: 'user',
npm verb login   roles: [],
npm verb login   date: '2019-08-28T15:55:44.911Z' }
npm http request → PUT http://npm.systemparadox.co.uk/-/user/org.couchdb.user:simon
npm http 409 ← Conflict (http://npm.systemparadox.co.uk/-/user/org.couchdb.user:simon)
npm http request → GET http://npm.systemparadox.co.uk/-/user/org.couchdb.user:simon?write=true
npm http 200 ← OK (http://npm.systemparadox.co.uk/-/user/org.couchdb.user:simon?write=true)
npm http request → PUT http://npm.systemparadox.co.uk/-/user/org.couchdb.user:simon/-rev/undefined
npm http 201 ← Created (http://npm.systemparadox.co.uk/-/user/org.couchdb.user:simon/-rev/undefined)
npm info login Authorized user simon
Logged in as simon on http://npm.systemparadox.co.uk/.
npm verb exit [ 0, true ]
npm timing npm Completed in 10265ms
npm info ok 
$ npm show @wd/build
npm ERR! code E401
npm ERR! authorization required to access package @wd/build : @wd/build

$ npm config get registry prints: https://registry.npmjs.org/, but I’m using a custom for specific prefixes. ~/.npmrc:

prefix=/home/simon/npm
@wd:registry=http://npm.systemparadox.co.uk/
//npm.systemparadox.co.uk/:_authToken="[REDACTED]"
always-auth=true

Client environment

node version 10.15.2
npm version 6.30, 6.8.0, 6.9.0, 6.11.2 (same issue for all of them)

Issue Analytics

State:
Created 4 years ago
Reactions:7
Comments:10 (4 by maintainers)

Top GitHub Comments

2reactions

SystemParadoxcommented, Aug 29, 2019

Apologies, server log is attached (although you might want to update the template because I did follow it but the server log doesn’t seem to be in the list):

info <-- 172.17.0.1 requested 'POST /-/v1/login'
http <-- 404, user: null([REDACTED] via 172.17.0.1), req: 'POST /-/v1/login', bytes: 20/150
info <-- 172.17.0.1 requested 'PUT /-/user/org.couchdb.user:simon'
http <-- 409, user: null([REDACTED] via 172.17.0.1), req: 'PUT /-/user/org.couchdb.user:simon', error: username is already registered
info <-- 172.17.0.1 requested 'GET /-/user/org.couchdb.user:simon?write=true'
http <-- 200, user: null([REDACTED] via 172.17.0.1), req: 'GET /-/user/org.couchdb.user:simon?write=true', bytes: 0/51
info <-- 172.17.0.1 requested 'PUT /-/user/org.couchdb.user:simon/-rev/undefined'
http <-- 201, user: simon([REDACTED] via 172.17.0.1), req: 'PUT /-/user/org.couchdb.user:simon/-rev/undefined', bytes: 173/86
info <-- 172.17.0.1 requested 'POST /-/v1/login'
http <-- 404, user: null([REDACTED] via 172.17.0.1), req: 'POST /-/v1/login', bytes: 20/150
info <-- 172.17.0.1 requested 'PUT /-/user/org.couchdb.user:simon'
http <-- 409, user: null([REDACTED] via 172.17.0.1), req: 'PUT /-/user/org.couchdb.user:simon', error: username is already registered
info <-- 172.17.0.1 requested 'GET /-/user/org.couchdb.user:simon?write=true'
http <-- 200, user: null([REDACTED] via 172.17.0.1), req: 'GET /-/user/org.couchdb.user:simon?write=true', bytes: 0/51
info <-- 172.17.0.1 requested 'PUT /-/user/org.couchdb.user:simon/-rev/undefined'
http <-- 201, user: simon([REDACTED] via 172.17.0.1), req: 'PUT /-/user/org.couchdb.user:simon/-rev/undefined', bytes: 173/86
info <-- 172.17.0.1 requested 'GET /@wd%2fbuild'
http <-- 401, user: null([REDACTED] via 172.17.0.1), req: 'GET /@wd%2fbuild', error: authorization required to access package @wd/build
info <-- 172.17.0.1 requested 'GET /@wd%2fbuild'
http <-- 401, user: null([REDACTED] via 172.17.0.1), req: 'GET /@wd%2fbuild', error: authorization required to access package @wd/build
info <-- 172.17.0.1 requested 'GET /@wd%2fbuild'
http <-- 404, user: simon([REDACTED] via 172.17.0.1), req: 'GET /@wd%2fbuild', error: no such package available
info <-- 172.17.0.1 requested 'GET /@wd%2fbuild'
http <-- 401, user: null([REDACTED] via 172.17.0.1), req: 'GET /@wd%2fbuild', error: authorization required to access package @wd/build

I’ve also checked back through our logs and it appears that verdaccio was updated inadvertently as part of fixing a docker issue. This was quite some time ago, but we haven’t published any packages since then so it’s possible everyone has been working from their local cache until now.

1reaction

viceicecommented, Oct 8, 2019

I have a similar issue.

When i use npm login it will create an authToken to my .npmrc which does not work. If i manually configure username and _password to my .npmrc it will work as expected.

I simply use npm info command for a package which has access: $authenticated for testing.

I’m using npm / node on windows:

{
  npm: '6.2.0',
  ares: '1.15.0',
  brotli: '1.0.7',
  cldr: '35.1',
  http_parser: '2.8.0',
  icu: '64.2',
  modules: '64',
  napi: '4',
  nghttp2: '1.39.2',
  node: '10.16.3',
  openssl: '1.1.1c',
  tz: '2019a',
  unicode: '12.1',
  uv: '1.28.0',
  v8: '6.8.275.32-node.54',
  zlib: '1.2.11'
}

I always get ‘400 Bad Request’, but i don’t find it in the logs.

I’m using traefik v1.7 as proxy for the verdaccio docker container v4.3.3 As auth plugin i use bitbucket-server