A GitHub OAuth Plugin for Verdaccio – https://www.verdaccio.org
When clicking the login button, instead of filling in a login form, you are asked to log in with GitHub.
The plugin is similar to verdaccio-github-oauth but also changes the UI login behaviour.
In case you need CLI support for automation purposes, the plugin is also compatible with sinopia-github-oauth-cli.
$ npm install verdaccio-github-oauth-ui
The plugin requires the following additional configuration:
middlewares:
github-oauth-ui:
client-id: $GITHUB_OAUTH_CLIENT_ID # required
client-secret: $GITHUB_OAUTH_CLIENT_SECRET # required
auth:
github-oauth-ui:
org: $GITHUB_OAUTH_ORG # required, people within this org will be able to auth
The values for client-id
and client-secret
can either be an environment variable where the value is stored, or the value itself.
When creating the OAuth app at github.com, use
REGISTRY_URL/-/oauth/callback
as the callback URL.
If url_prefix
is specified in the config then it must be equal to the REGISTRY_URL
.
-
Click the login button and follow the OAuth flow.
When using a private GitHub org, make sure to click the [Request] button for org read access. See #5.
-
After successful login, the npm config commands that set up authentication with the registry are shown at the top.
-
To verify that the authentication token is set up correctly, run
npm whoami --registry REGISTRY_URL
If you see your GitHub username, you are ready to start publishing packages.
-
Unless the token is revoked on GitHub, it is infinitely valid.