User Tokens Nexus OSS 3.12.0

[gotvi...@gmail.com]

I can't find an option for User Tokens in the OSS 3.12.0 version of Nexus we are currently using.  Please help with this.

[Michael Prescott]

As per the help docs, user tokens are only available in Nexus Repository Pro.

On Thu, 20 Sep 2018 at 11:03, <gotvi...@gmail.com> wrote:

I can't find an option for User Tokens in the OSS 3.12.0 version of Nexus we are currently using.  Please help with this.

--
You received this message because you are subscribed to the Google Groups "Nexus Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to nexus-users...@glists.sonatype.com.
To post to this group, send email to nexus...@glists.sonatype.com.
To view this discussion on the web visit https://groups.google.com/a/glists.sonatype.com/d/msgid/nexus-users/e7ff0fb8-a6b9-4467-857c-74f085e02183%40glists.sonatype.com.
For more options, visit https://groups.google.com/a/glists.sonatype.com/d/optout.

[gotvi...@gmail.com]

Any plans of making this feature available for OSS?

[Ashley Watson]

I'm looking for this feature myself and according to this link;

https://www.sonatype.com/nexus-repository-oss-vs.-pro-features

It says that Nexus OSS supports auth token support.

So I'm confused. Please advise.

[Rich Seddon]

To be honest, I'm not sure what that page means by "API Tokens".  But either the page is incorrect, or it's referring to something else like npm token authentication.   The OSS edition does not have support for user tokens.  The documentation here is correct:

https://help.sonatype.com/repomanager3/repository-manager-feature-matrix#app

[Brian Fox]

Generally when we think about how the features fall in oss vs paid, it comes down to "is this feature obviously required only/primarily for enterprises?". An enterprise getting tremendous value ought to be thinking about a paid version with support etc. User tokens seems to be one of those clearly enterprise features, so there aren't thoughts of making it free.

To view this discussion on the web visit https://groups.google.com/a/glists.sonatype.com/d/msgid/nexus-users/698ff73b-c99c-42c1-9428-6126c2734251%40glists.sonatype.com.

[gotvi...@gmail.com]

Understand.  Thank you.

[Pierre GINDRAUD]

Hello,

I'm on Nexus OSS 3.11, my teamate has used a NPM token in some repositories' .npmrc and some days ago the token was suddenly reset by Nexus.

According to your previous messages I realized that this feature may not be available in OSS version. but in facts the npm login action is working fine and return valid tokens.

So i'm confuse, did I use the npm tokens feature or not ?

Should I fallback to "login:password" base64 hash ?

Thanks in advance for your help

[Peter Lynch]

On Wednesday, April 10, 2019 at 5:04:32 AM UTC-3, Pierre GINDRAUD wrote:

Hello,

I'm on Nexus OSS 3.11, my teamate has used a NPM token in some repositories' .npmrc and some days ago the token was suddenly reset by Nexus.

Tokens of any kind are tied to an identity - identity means username + authentication realm identity together. In the case of npm, the registry URL is also a factor on the client side. If your NPM token was reset( made invalid outside your client) , then the identity for you on the server must have changed, or it was reset by an NXRM administrator, or your password was reset and hit this bug fixed in 3.13.0.

According to your previous messages I realized that this feature may not be available in OSS version. but in facts the npm login action is working fine and return valid tokens.

"Token" is overloaded. This thread topic is about "User Tokens" which is a NXRM Pro feature. Other repository formats like NuGet, NPM and Docker use Bearer Tokens - which are not the same "token".

NuGet, NPM and Docker repository format Bearer Tokens are supported in NXRM OSS and Pro. "User Tokens" are an independent NXRM Pro only feature. They all serve the same purpose - an opaque value tied to an identity.

 

So i'm confuse, did I use the npm tokens feature or not ?

You did.

 

Should I fallback to "login:password" base64 hash ?

No.