Can we use short-lived bearer tokens instead of OTPs for package uploads from the CLI?


(ELLIOTTCABLE) #1

So, I’m working from somewhere with a reasonably-slow Internet connection for the first time in a while, and I’ve run into a pretty serious problem:

I can’t publish several of our packages.

Turns out, if the network-connection is slow enough (or, presumably, the package large enough), the publish:uploading step doesn’t complete before the generated OTP expires, leading to a situation like this:

npm ERR! publish Failed PUT 401
There was an error while trying authentication due to OTP (One-Time-Password).
The One-Time-Password is generated via applications like Authy or
Google Authenticator, for more information see:
https://docs.npmjs.com/getting-started/using-two-factor-authentication
Enter OTP: <code>
npm ERR! publish Failed PUT 401
There was an error while trying authentication due to OTP (One-Time-Password).
The One-Time-Password is generated via applications like Authy or
Google Authenticator, for more information see:
https://docs.npmjs.com/getting-started/using-two-factor-authentication
Enter OTP: <code>
npm ERR! publish Failed PUT 401
There was an error while trying authentication due to OTP (One-Time-Password).
The One-Time-Password is generated via applications like Authy or
Google Authenticator, for more information see:
https://docs.npmjs.com/getting-started/using-two-factor-authentication
Enter OTP:

At this point, I’d have to either disable OTP on my account every time I want to publish a package — or go drive into town, and find somewhere with faster WiFi.

Ideally, the OTP should be verified before the package is uploaded — or, second-best, it should be asked of the user after the upload is complete, but before a final request is made to ‘activate’ it …
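The failure described in the post above and the alternative named in the topic title, modelled side by side (an added example, not code from the post or from npm). It assumes the registry checks the OTP only once the request body has arrived, as the poster presumes; `publishWithOtp`, `issueToken`, `publishWithToken`, the 15-minute token lifetime and the ±1 step window are hypothetical choices for this sketch.

```javascript
// Toy registry model (hypothetical names throughout; not npm's implementation).
const crypto = require("node:crypto");

const STEP = 30;           // TOTP time step in seconds (RFC 6238 default)
const TOKEN_TTL = 15 * 60; // assumed upload-token lifetime in seconds

// RFC 6238 TOTP (HMAC-SHA1, 6 digits) for a Unix time t in seconds.
function totp(secret, t) {
  const counter = Buffer.alloc(8);
  counter.writeBigUInt64BE(BigInt(Math.floor(t / STEP)));
  const h = crypto.createHmac("sha1", secret).update(counter).digest();
  const bin = h.readUInt32BE(h[19] & 0x0f) & 0x7fffffff; // dynamic truncation
  return String(bin % 1e6).padStart(6, "0");
}

// Accept the current step and one step either side (assumed skew allowance).
function otpValid(secret, code, now) {
  return [-1, 0, 1].some((d) => totp(secret, now + d * STEP) === code);
}

// Flow A: the OTP rides along with the PUT and is checked after the upload.
function publishWithOtp(secret, code, start, uploadSecs) {
  return otpValid(secret, code, start + uploadSecs) ? 200 : 401;
}

// Server-side MAC binding a token to one package name and one expiry time.
const mac = (key, pkg, exp) =>
  crypto.createHmac("sha256", key).update(`${pkg}|${exp}`).digest();

// Flow B, step 1: check the OTP immediately and issue a short-lived token.
function issueToken(secret, key, code, pkg, now) {
  if (!otpValid(secret, code, now)) return null;
  const exp = now + TOKEN_TTL;
  return { pkg, exp, sig: mac(key, pkg, exp) };
}

// Flow B, step 2: the slow PUT is authorised by the token, not by the OTP.
function publishWithToken(key, token, pkg, now) {
  const ok = token !== null && token.pkg === pkg && now <= token.exp &&
    crypto.timingSafeEqual(token.sig, mac(key, token.pkg, token.exp));
  return ok ? 200 : 401;
}
```

Binding the token to a single package name and a short expiry keeps its value close to that of the OTP it replaces if it leaks mid-upload.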

