@ricardo-devis-agullo
Collaborator

Add Token-Based Authentication for Component Publishing

This PR introduces token-based authentication as an alternative to username/password authentication for publishing components to OpenComponents registries. This enhancement improves security and aligns with modern authentication practices.

Key Changes

Authentication Enhancement:

  • Added token parameter support to the publish command CLI interface
  • Implemented Bearer token authentication in the registry client (putComponent method)
  • Updated credential handling to prioritize token authentication over basic auth
  • Enhanced error handling to include token-based authentication failures

Code Quality Improvements:

  • Replaced @ts-expect-error with @ts-ignore for better TypeScript compatibility
  • Simplified error handling in file watchers and mock plugin registration
  • Improved type safety by removing unnecessary type assertions
  • Streamlined registry route logic for better maintainability

Dependency Updates:

  • Downgraded several dependencies to more stable versions for better compatibility
  • Updated development dependencies to maintain consistent tooling versions
  • Resolved potential security vulnerabilities in transitive dependencies

Registry API Optimization:

  • Refactored component listing endpoint for improved performance
  • Simplified metadata filtering logic
  • Enhanced component state management and filtering

Usage

The new token authentication can be used alongside existing username/password authentication:

# Using token authentication
oc publish my-component --token "your-bearer-token"

# Using traditional authentication (still supported)
oc publish my-component --username "user" --password "pass"

The authentication system automatically detects the provided credential type and uses the appropriate method for registry communication.

Technical Details

The implementation maintains backward compatibility while adding the new authentication method. Token authentication uses the Authorization: Bearer <token> header format, following OAuth 2.0 standards. The credential resolution logic prioritizes tokens over basic authentication when both are provided, ensuring consistent behavior across different deployment scenarios.

@ricardo-devis-agullo ricardo-devis-agullo merged commit 5bcddcc into master Sep 17, 2025
3 checks passed
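
The credential resolution described in the PR (token preferred over username/password, sent as `Authorization: Bearer <token>`) can be sketched as follows. This is an added example, not code from the PR or from the oc code base: `resolveAuthHeader` and `redact` are hypothetical names, and rejecting a malformed token instead of falling back to basic auth is an assumption about the desired behaviour, not something the PR states.

```javascript
// Added illustration; resolveAuthHeader and redact are hypothetical helpers,
// not functions from the oc code base.

// RFC 6750 b64token: 1*( ALPHA / DIGIT / "-" / "." / "_" / "~" / "+" / "/" ) *"="
const B64TOKEN = /^[A-Za-z0-9\-._~+/]+=*$/;

function resolveAuthHeader({ token, username, password } = {}) {
  // A token, when supplied, always wins over username/password.
  if (token !== undefined && token !== null && token !== '') {
    if (typeof token !== 'string' || !B64TOKEN.test(token)) {
      // Fail closed: a token containing spaces or CR/LF could corrupt or
      // inject headers, and silently downgrading to basic auth would hide
      // the misconfiguration (assumed policy, see lead-in).
      throw new Error('token is not a valid RFC 6750 bearer token');
    }
    return { scheme: 'bearer', header: `Bearer ${token}` };
  }
  if (username && password) {
    // RFC 7617: the user-id part of Basic credentials cannot contain ":".
    if (String(username).includes(':')) {
      throw new Error('username must not contain ":"');
    }
    const encoded = Buffer.from(`${username}:${password}`, 'utf8').toString('base64');
    return { scheme: 'basic', header: `Basic ${encoded}` };
  }
  // No credentials supplied: the request goes out unauthenticated.
  return { scheme: 'none', header: undefined };
}

// Keep the scheme but never the secret when logging a request.
function redact(header) {
  if (!header) return '(none)';
  return `${header.split(' ')[0]} [redacted]`;
}

// Constructed sample inputs.
const both = resolveAuthHeader({ token: 'abc.DEF-123', username: 'user', password: 'pass' });
console.log(both.scheme, redact(both.header));
const basicOnly = resolveAuthHeader({ username: 'user', password: 'pass' });
console.log(basicOnly.scheme, redact(basicOnly.header));
```
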