UNPKG

verdaccio-doreamon-oauth2

Version:

A GitLab OAuth Plugin for [Verdaccio](https://www.verdaccio.org)

121 lines (78 loc) 3.92 kB
# 📦🔐 Verdaccio GitLab OAuth plugin A GitLab OAuth Plugin for [Verdaccio](https://www.verdaccio.org) <a href="https://www.npmjs.com/package/verdaccio-gitlab-oauth2"> <img alt="Version" src="https://flat.badgen.net/npm/v/verdaccio-gitlab-oauth2?icon=npm"> </a> <a href="https://raw.githubusercontent.com/bizneo/verdaccio-gitlab-oauth2/master/LICENSE"> <img alt="License" src="https://flat.badgen.net/github/license/bizneo/verdaccio-gitlab-oauth2?icon=github"> </a> <a href="https://github.com/bizneo/verdaccio-gitlab-oauth2/issues/new/choose"> <img alt="Issues" src="https://flat.badgen.net/badge/github/create issue/pink?icon=github"> </a> ## About The plugin is similar to [verdaccio-github-oauth-ui](https://github.com/n4bb12/verdaccio-github-oauth-ui), but adapted to use GitLab APIs. When clicking the login button, instead of filling in a login form, you are asked to log in with itLab. In case you need CLI support for automation purposes, the plugin is also compatible with it, adapting the functionality from [sinopia-github-oauth-cli](https://github.com/soundtrackyourbrand/sinopia-github-oauth-cli) to work with GitLab. ### Compatibility - Verdaccio 3, 4 and 5 - Node >=10 - Chrome, Firefox, Firefox ESR, Edge, Safari, IE 11 ## Setup Instructions ### Install ``` $ npm install verdaccio-gitlab-oauth2 ``` ### GitLab Config - Create an OAuth app at https://gitlab.com/profile/applications - The callback URL should be `YOUR_REGISTRY_URL/-/doreamon/callback` - The scope needed is `openid` ### Verdaccio Config Merge the below options with your existing Verdaccio config: ```yml middlewares: doreamon-oauth2: enabled: true auth: doreamon-oauth2: client_id: DOREAMON_CLIENT_ID client_secret: DOREAMON_CLIENT_SECRET root_url: YOUR_REGISTRY_URL # optional, e.g. https://registry.npmjs.org ``` - The configured values can either be the actual value or the name of an environment variable that contains the value. - The config props can be specified under either the `middlewares` or the `auth` node. Just make sure, the addon is included under both nodes. #### `client_id` and `client_secret` These values can be obtained from GitLab OAuth app page at https://gitlab.com/profile/applications. #### `root_url` Optional. The URL of the registry, e.g. `https://registry.npmjs.org`. ### Proxy Agent If you are behind a proxy server, the plugin needs to know the proxy server in order to make GitLab requests. Configure the below environment variable. ``` $ export GLOBAL_AGENT_HTTP_PROXY=http://127.0.0.1:8080 ``` See the [global-agent](https://github.com/gajus/global-agent#environment-variables) docs for detailed configuration instrcutions. ## Login ### Verdaccio UI - Click the login button and login via GitLab, if not logged in already. - Authorize the registry - this needs to be done only once. - After authorizing the registry with GitLab, you'll be redirected back to the Verdaccio registry. You are now logged in. ### Command Line To set up authentication with the registry in your npm CLI, you'll need to run the commands shown on the UI. - Verdaccio 4: open the "Register Info" dialog and klick "Copy to clipboard" - Verdaccio 3: Select the text in the header and copy it. In case the text is too long, you can double-click it. The invisible part will still be selected and copied. - Run the copied commands on your terminal. ``` $ npm config set //localhost:4873:_authToken "SECRET_TOKEN" $ npm config set //localhost:4873:always-auth true ``` - Verify npm is set up correctly by running the `whoami` command. Example: ``` $ npm whoami --registry http://localhost:4873 n4bb12 ``` If you see your GitLab username, you are ready to start publishing packages. ## Logout ### Verdaccio UI Click the <kbd>Logout</kbd> button as per usual. ### Command Line Unless OAuth access is revoked in the GitLab settings, the token is valid indefinitely.