Publish Warning on Local Openvsx Server

[dipuharidasan]

I have OpenVSX deployed in Kubernetes. Every time I publish an extension, the UI displays a warning stating that the publisher is not verified. I read that this is expected, but is there a way to remove this warning? I don't have login enabled in the UI since this is a local setup.

I tried creating a publish account without admin access and it didn't help.

openvsx=> select * from user_data;
  id  | avatar_url | email | full_name | login_name | provider | auth_id | provider_url | role  | eclipse_token | github_token | eclipse_person_id
------+------------+-------+-----------+------------+----------+---------+--------------+-------+---------------+--------------+-------------------
 1001 |            |       |           | super_user |          |         |              | admin |               |              |
 1002 |            |       |           | publisher  |          |         |              |       |               |              |
(2 rows)

openvsx=> select * from personal_access_token;
  id  |     accessed_timestamp     | active | created_timestamp |          description           |    value    | user_data
------+----------------------------+--------+-------------------+--------------------------------+-------------+-----------
 1003 | 2025-03-14 02:34:45.06124  | t      |                   | For publishing test extensions | publisher   |      1002
 1002 | 2025-03-14 04:39:52.882153 | t      |                   | For publishing test extensions | super_token |      1001
(2 rows)

Also, are there any options to bring our own SSO as the auth provider?

Appreciate any help. TIA.

[dipuharidasan]

Is there a way to use Openvsx locally hosted with official VS Code from Microsoft?

I see the option:

export EXTENSIONS_GALLERY='{"serviceUrl": "https://<yourhost>/api"}'

Looks like it is not working for Official VS Code.

[nfogh]

You could try this extension https://marketplace.visualstudio.com/items?itemName=NikolajFogh.private-extension-marketplace. It is a fork I did of another extension, but with added support for OpenVSX.

[amvanbaren]

is there a way to remove this warning?

Yes, set the role to privileged

are there any options to bring our own SSO as the auth provider?

Yes, you can read more about that here: https://github.com/eclipse/openvsx/wiki/Deploying-Open-VSX#oauth2

[dipuharidasan]

Hi @amvanbaren Thanks for the update. The warning vanished after enabling the privileged role.

About the other auth providers, I read "User authentication is done with OAuth. Currently only GitHub is supported as OAuth provider." The document mentions about attributes that can be mapped. Does that mean, I will still need to use GitHub as the OAuth provider? Can I use Azure IDP?

[amvanbaren]

I read "User authentication is done with OAuth. Currently only GitHub is supported as OAuth provider."

Ah. I see what you mean. I've updated the wiki.

Other OAuth providers are supported since v0.23.0. You should be able to use Azure IDP by following the configuration steps in the OAuth2 section.

[CrossainQi]

Can you please give a demo of deploying openvsx on k8s cluster? thanks!

[Amar1729]

To add to what was said above - i created my user and specifically set myself as role = 'admin' initially. After doing this i restarted the server and cleared browser cache, and after that saw the Admin Dashboard link under my profile button.

psql -h localhost -U openvsx -c "UPDATE * user_data SET role = 'admin'"