-
Notifications
You must be signed in to change notification settings - Fork 1.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
npm two-factor authorization error #572
Comments
Can you update to You can use 2FA for your npm account, but you have to make sure to use a deploy token: https://npme.npmjs.com/docs/workflow/travis.html. |
It was 11.0.2:
And looks like this guide is for npm Enterprise. I can’t find anything about deployment tokens for normal npm. |
If you use v11.0.0, your should do You need to create a token with the npm CLI: Also I'm not sure if |
@sapegin do you have your 2FA set to |
Yes, it works with
That’s why I’ve created this issue. |
Then the description is misleading though. It does work with 2fa, just not if you configure it to prompt for OTPs during publishing (that would be impossible). Better error reporting is tracked here: semantic-release/npm#11 |
@sapegin Should we close this issue in favor semantic-release/npm#11? I also created semantic-release/npm#30 in order to improve the npm plugin doc regarding 2FA. |
This isn’t 100% correct, because it’s a default mode, so you have to configure it not to prompt for OTP :-)
Yeah, I guess we can’t really fix that on semantic-release side. |
I tried that and with 2fa npm publish is not working. Even when it is configured to auth only. |
was the token created while your account was configured for fwiw, i have been successfully publishing with semantic-release with my account using 2fa for |
Ah so you mean the Token knows that I have configured 2FA with
auth-and-write no matter what I configure later. So with a new token it
should work out.
By the way I tested it before with a test package and that worked with 2FA
auth only but the package had no scope. Maybe the scope is the problem.
Matt Travi <notifications@github.com> schrieb am Mi. 15. Aug. 2018 um 03:57:
was the token created while your account was configured for
auth-and-writes and then your account was switched to auth-only? i think
it matters when the token was created
fwiw, i have been successfully publishing with semantic-release with my
account using 2fa for auth-only for quite some time, so i can at least
confirm it does work. my bet would be that it is related to the token you
are trying to use.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#572 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AA95bpbpe3hIrXTwn9zlj_7RnF2xAxJTks5uQ4AigaJpZM4RJjTp>
.
--
Von Gmail Mobile gesendet mit dem iPad gesendet - ich bitte Tippfehler zu
entschuldigen.
|
I tried it now with a new token that I have created after auth-only was active and I still have the problem with the OTP message. Travis has the NPM_TOKEN in the settings and I have no clue what really goes wrong. Would be great if someone has a hint. Will test the extra package now with the organisation and may this is then the issue. |
Ok found the issue ... before I used semantic release I required 2fa on npm for the package and that setting seems to break the whole behaviour with the tokens. Thank you anyway. |
For people coming into this thread you can figure out if you have |
Can’t make it work with npm 2FA:
Full log is here. Looks like I’m missing something, but I couldn’t find anything in the docs or issues.
The text was updated successfully, but these errors were encountered: