cmd/go: Authenticating With GOPROXY #27132
The Go command should be able to pass an Authorization Header to the GOPROXY URL. Either through
The current Go command has two ways to authenticate with a Proxy:
The first one is not secure while the second one is complex.
We should have a more canonical way of providing user authorization where clients can acquire a token and pass it to the Go command whether through env vars such as
Please answer these questions before submitting your issue. Thanks!
What version of Go are you using (
@FiloSottile do you have a suggestion other than a bearer token that is more secure? Thanks!
As for basic auth, embedding the user/password in the URL makes it more susceptible for human error to expose the credentials since people can over look that there are credentials in the URL itself.