This plugin allows you to handle authentication externally with an api.
I haven't used Verdaccio in a long time and I have no idea if this still works.
Install the plugin using npm i verdaccio-api-auth, then update your configuration:
auth:
api-auth:
url: https://yourserver.tld/api
secret: supersecretstring
There are 4 main endpoints you need to support:
POST /authenticate- This will have a body containingusernameandpassword, and should return an array of group names if correct.POST /allow_access- This will have a body containinguser(User information, containingname) andpackage(Package information, containingname). It should return true or false.POST /allow_publish- Body containsuserandpackageobjects, should return a boolean.POST /allow_unpublish- Body containsuserandpackageobjects, should return a boolean.
The secret specified in the configuration will be sent as the Authorization header.