
@bcoe/npme-auth-oauth2-restricted
Auth strategy for OAuth2 SSO.
Note: The whitelist file and plugin should both be saved/installed to the Miscellaneous Data Files folder as you've configured it for your npmE instance.
The default is `/usr/local/lib/npme/data`.
The change directory command may be different based on your configuration (see note above).

```sh
cd /usr/local/lib/npme/data
sudo npm i @bcoe/npme-auth-oauth2-restricted
```
Go to your npm Enterprise admin console (on port 8800 of your server), select the Settings tab and then choose the OAuth2 option under the Authentication section. Fill out the configuration fields for your OAuth provider and click Save to apply your setting.
Next, switch Authentication to Custom and set each of the plugin settings to /etc/npme/data/node_modules/@bcoe/npme-auth-oauth2-restricted:
| Config Field | Config Value |
|---|---|
| Authorization plugin | /etc/npme/data/node_modules/@bcoe/npme-auth-oauth2-restricted |
| Authentication plugin | /etc/npme/data/node_modules/@bcoe/npme-auth-oauth2-restricted |
| Session plugin | /etc/npme/data/node_modules/@bcoe/npme-auth-oauth2-restricted |
Click Save a final time to apply these settings.
Create the whitelist file, user-whitelist.txt, in the Miscellaneous Data Files directory (e.g. /usr/local/lib/npme/data).
List each user who should have access to npmE on a separate line, by email address.
Navigate to your instance's dashboard and use the buttons to stop and restart the instance. After the restart, only users in the whitelist file will be permitted to authenticate.
FAQs
Auth strategy for OAuth 2.0 SSO.
The npm package @bcoe/npme-auth-oauth2-restricted receives a total of 4 weekly downloads, so its popularity was classified as not popular.
Its version release cadence and project activity were classified as not healthy because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.