Skip to content

Disable user authentication #1605

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
senolcolak opened this issue Nov 20, 2021 · 10 comments
Open

Disable user authentication #1605

senolcolak opened this issue Nov 20, 2021 · 10 comments
Labels
enhancement

Comments

@senolcolak
Copy link

Is your feature request related to a problem? Please describe.
I wan't to add NPM on my own applications list, I use goauthentik for my application repository. Unfortunately NPM is using local users and is not able to provide openid auth..

Describe the solution you'd like
I wan't to disable NPM user authentication and management

Describe alternatives you've considered
I think it is possible to use the api to get authentication token, but would be better to fully disable user auth.

Additional context
if there is a workaround that you know, would be great to know
@chaptergy
Copy link
Collaborator

Neither removing authentication nor using a different authentication method is currently possible. Related: #437

@chaptergy chaptergy mentioned this issue Nov 21, 2021
Closed
@Hadatko
Copy link
Contributor

Hadatko commented Aug 25, 2023

+1

@github-actions GitHub Actions
Copy link

github-actions bot commented Mar 1, 2024

Issue is now considered stale. If you want to keep it open, please comment 👍

@github-actions github-actions bot added the stale label Mar 1, 2024
@moutasem1989
Copy link

Issue is now considered stale. If you want to keep it open, please comment 👍

I assume to be used with Authentication service like Authentik; it Port 81 is not exposed and NPM is locked behind a proxy forward authentication?

I assume an OpenID SSO support would be much more useful

@github-actions github-actions bot removed the stale label May 8, 2024
@Rihan9
Copy link

Rihan9 commented Jun 27, 2024

Hi,
I'm going to comment this just to raise the interest in it. Please, let us disable the authentication or use an header with the username at least. It should be simpler than implement OAuth

@moutasem1989
Copy link

I added this for services with basic HTTP authentication to disable it. I then integrated it into Authentik reverse proxy authentication and it works as expected:

location / {
    proxy_pass http://app_with_basic_http_authentication:port;
    proxy_set_header Authorization "Basic wersdfxcvetc";     #base64 of username:password
    proxy_pass_header Authorization;
}

Is it posible to send the correct headers with the correct values to bypass authentication on NPM admin interface?

@moutasem1989
Copy link

This worked with Cockpit. Here I used Authorization Headers to bypass the Login screen and used Authentik + NginX for reverse Proxy Authentication.
I am trying the same Implementation with NPM, but it is not exactly working.

@rachelf42
Copy link

+1

2 similar comments
@AndreasFeldt
Copy link

+1

@berkobob
Copy link

+1

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
8 participants
@berkobob @senolcolak @Hadatko @AndreasFeldt @chaptergy @moutasem1989 @Rihan9 @rachelf42