Coder.comC
Coder.com10mo ago
9 replies
Diranged

How to use External Auth to pull down Github NPM packages?

HI! I'm experimenting with Coder right now how it hooks up with Github. I've got it connected into Github for user-authentication, as well as configured for external auth. We can spin up a workspace that checks out code using the github_token returned by the auth, and we've verified that the token then has access to other repositories that the user has access to. So far so good.

Where we're struggling now is using the same token to access Github's package repository (NPM). Here's what we've done so far:

1. Made sure the Github App has read:packages permissions.
2. Set the CODER_EXTERNAL_AUTH_0_SCOPES environment variable to repo workflow admin:public_key read:packages (note, also tried with commas).
3. Verified that the scopes look good in https://... our endpoint/api/v2/deployment/config
    "external_auth": [
      {
        "type": "github",
        "client_id": "...",
        "id": "github",
        "auth_url": "",
        "token_url": "",
        "validate_url": "",
        "app_install_url": "",
        "app_installations_url": "",
        "no_refresh": false,
        "scopes": [
          "repo",
          "workflow",
          "admin:public_key",
          "read:packages"
        ],
        "device_flow": false,
        "device_code_url": "",
        "regex": "github\\.com....",
        "display_name": "",
        "display_icon": ""
      }
    ],

4. Set up the ~/.npmrc file:
//npm.pkg.github.com/:_authToken=ghu_xxx
@org:registry=https://npm.pkg.github.com/


When the workspace boots up and we try to log in:
error Error: https://npm.pkg.github.com/download/@org/<package>...0.2.19/e33c0bcabfc7e22864697a411d80b585719e1fae: Request failed "403 Forbidden"


When I check the Github Security Logs, it always lists token_scopes as empty for the tokens being generated... is there something else we need to do, or a bug?
Was this page helpful?