Credentials not retrieved from nuget.config when v3 endpoint redirects to v2 #3179
Comments
|
I managed to get a repro with my dev feed. {
"@context": {
"@vocab": "http://schema.nuget.org/services#"
},
"resources": [
{
"@id": "https://alpaix-azure.pkgs.visualstudio.com/_packaging/3ca07dbd-a1e6-4ef0-a4e2-c873550fc4c4/nuget/v2/",
"@type": "PackagePublish/2.0.0"
},
{
"@id": "https://alpaix-azure.pkgs.visualstudio.com/_packaging/3ca07dbd-a1e6-4ef0-a4e2-c873550fc4c4/nuget/v2/",
"@type": "LegacyGallery/2.0.0"
},
{
"@id": "https://alpaix-azure.pkgs.visualstudio.com/_packaging/3ca07dbd-a1e6-4ef0-a4e2-c873550fc4c4/nuget/v3/registrations2/",
"@type": "RegistrationsBaseUrl/3.0.0-beta"
},
{
"@id": "https://alpaix-azure.pkgs.visualstudio.com/_packaging/3ca07dbd-a1e6-4ef0-a4e2-c873550fc4c4/nuget/v3/query2/",
"@type": "SearchQueryService/3.0.0-beta"
},
{
"@id": "https://alpaix-azure.pkgs.visualstudio.com/_packaging/3ca07dbd-a1e6-4ef0-a4e2-c873550fc4c4/nuget/v3/flat2/",
"@type": "PackageBaseAddress/3.0.0"
}
],
"version": "3.0.0-beta"
}nuget.exe delegates v2 search to NuGet.Core v2 API while passing "LegacyGallery/2.0.0" endpoint. The latter calls a I don't think there's an easy fix for this. |
|
It is a significant issue, since it blocks users who configure a VSTS v3 url in nuget.config using a stored access token or username and password for authentication. Using the credential provider executable works, but users aren't obligated to use the credential provider. Do you know why this worked in v3.3 and what caused the change? |
|
Discuss and consider for 3.5rtm in the coming next week or two. or determine other work necessary to fix list and assign to 3.6. |
... when acquiring credentials. Fixes NuGet/Home#3179. NuGetCore calls the credentials adapter with a "list" endpoint uri. It may be different from a source uri, for instance when v3 source advertises v2 search endpoint. If endpoints mapping is supplied, retrieve the source uri and use it to acquire credentials.
... when acquiring credentials. Fixes NuGet/Home#3179. NuGetCore calls the credentials adapter with a "list" endpoint uri. It may be different from a source uri, for instance when v3 source advertises v2 search endpoint. If endpoints mapping is supplied, retrieve the source uri and use it to acquire credentials.
|
This looks like it is in 3.6beta1, but has not been ported to 3.5rtm. VSTS folks asking to get it there. Risk/Time enough? |
|
@zhili1208 - please port this change to rtm branch. |
... when acquiring credentials. Fixes NuGet/Home#3179. NuGetCore calls the credentials adapter with a "list" endpoint uri. It may be different from a source uri, for instance when v3 source advertises v2 search endpoint. If endpoints mapping is supplied, retrieve the source uri and use it to acquire credentials.
|
Done |
In NuGet 3.3, if you set a VSTS v3 package source with credentials in nuget.config, it will work for all commands even if some commands redirect to a v2 endpoint.
In NuGet 3.4.4 / NuGet 3.5.0-beta2, if you set a VSTS v3 package source with credentials in nuget.config, then restore install push all work, but list prompts for credentials.
Example:
nuget list -verbosity detailed -source https://myaccount.pkgs.visualstudio.com/_packaging/myfeed/nuget/v3/index.json
NuGet Version: 3.5.0.1520
Please provide credentials for: https://myaccount.pkgs.visualstudio.com/_packaging/3f49219a-1125-4c10-b5b3-ec814116ff62/nuget/v2/
UserName:
On list, nuget.exe uses stored credentials to get the service index -- the service index has a v2 endpoint for legacy gallery.
But after the 401 to the v2 endpoint, credentials are not fetched from config and we are prompted
The text was updated successfully, but these errors were encountered: