CODEWITHSUNDEEP
authenticationnpmazure-devops
Tim
Tim

Reputation: 5839

How can I authenticate a npm registry with azure devops build pipeline?

I have an app I'm creating a build pipeline for in Azure DevOps. It uses npm packages which are in a private npm registry (with code created from a different Azure DevOps organisation). When I run npm ci (or npm install) it fails with the following error:

npm ERR! code E401

npm ERR! Unable to authenticate, need: Bearer authorization_uri=https://login.windows.net/b2d01466-6e2c-4b55-8b90-e3ed41afca4a, Basic realm="https://pkgsproduks1.pkgs.visualstudio.com/", TFS-Federated

The specific packages which fail are the ones from the other organisation, which return a 401 when trying to get them.

I thought the best practice to authenticate this was to create a Service Connection within Azure DevOps. I've created a Personal Access Token within the organisation which hosts the npm packages, and used it to create a Service Connection in the organisation which contains my build pipeline. I then included it in my build pipeline yaml as follows:

- task: Npm@1
  displayName: Install npm packages
  inputs:
    command: 'ci'
    workingDir: 'Path/To/Working/Directory'
    customEndpoint: 'Custom npm registry'

I've also tried using the npm authenticate build step before this (both with and without the customEndpoint: 'Custom npm registry' in the install step) and while the npm authenticate runs successfully it doesn't make any difference to the error I'm getting. I've also tried setting up the Service Connection to use my username and password rather than a PAT, but that made no difference either.

The .npmrc within my project is as follows (modified slightly):

registry=https://registry.npmjs.org/
@{scope}:registry=https://pkgs.dev.azure.com/{organisation}/_packaging/{feedName}/npm/registry/
@{scope}:always-auth=true

Can anyone see what's wrong with the authentication, or link to an article giving an example of doing this across multiple Azure DevOps organisations?

Upvotes: 9

Views: 23596

Answers (3)

georgedobrin
georgedobrin

Reputation: 41

The problem I've had was that my organisation name contained a whitespace. For some reason, ADO joined the whitespace instead of encoding it with %20.

So instead of encoding it with Subname1%20Subname2, it did Subname1Subname2 and this created 404s all over the place.

What I did: hardcoded %20 into my orgname part in the .npmrc file

Upvotes: 1

noseratio
noseratio

Reputation: 61656

I just killed a few hours troubleshooting a similar NPM authentication issue with a hosted build agent for Azure DevOps.

I did have the NPM Authenticate job in the pipline, and I was still experiencing this error:

npm ERR! code E401
npm ERR! Unable to authenticate, your authentication token seems to be invalid.
npm ERR! To correct this please trying logging in again with:
npm ERR!     npm login

As it turned, the project had a mixture of https://pkgs.dev.azure.com/<myorg>/_packaging and https://<myorg>.pkgs.visualstudio.com/_packaging (the legacy URL for the same NPM registry) in scattered .npmrc files.

Making them all to consistently use https://pkgs.dev.azure.com/<myorg>/_packaging had solved my problem.

Upvotes: 4

Cece Dong - MSFT
Cece Dong - MSFT

Reputation: 31003

The .npmrc should look like:

registry=https://pkgs.dev.azure.com/{organization}/{project}/_packaging/{feed}/npm/registry/
@{scope}:registry=https://pkgs.dev.azure.com/{otherorganization}/_packaging/{feed}/npm/registry/
@{otherscope}:registry=https://{thirdPartyRepository}/npm/registry/
always-auth=true

Upvotes: 1

Related Questions