uv icon indicating copy to clipboard operation
uv copied to clipboard

Published 20 hours ago verified publisher icon astral-sh

Authentication when downloading package from private registry using `oauth2accesstoken` fails with 401 Unauthorized

Open fellhorn opened this issue 1 year ago • 2 comments

Thanks a lot for this project, happy to see the so much progress in the python packaging ecosystem!

I tried to use uv with a private pip repository hosted in Google artifact registry:

> uv pip compile --extra-index-url https://oauth2accesstoken:$(gcloud auth print-access-token)@my-region-python.pkg.dev/my-project/my-repo/simple/ requirements.in

error: Failed to download: my-package==0.7.1
  Caused by: HTTP status client error (401 Unauthorized) for url (https://my-region-python.pkg.dev/my-project/my-repo/my-package/my-package-0.7.1-cp38-abi3-manylinux_2_28_x86_64.whl#sha256=my-sha)

This is the same both for uv pip install and uv pip compile. It seems like the authentication for listing works (version 0.7.1 is read from the repo, I did not provide it), but the token is not used when downloading.

fellhorn avatar Feb 16 '24 07:02 fellhorn

FWIW, I am seeing something very similar for a gitlab-hosted artifact registry. Same error.

gwdekker avatar Feb 16 '24 08:02 gwdekker

Probably related to #1458

tfcace avatar Feb 17 '24 07:02 tfcace

Should be resolved in the latest version ref #1886

zanieb avatar Feb 23 '24 04:02 zanieb

Thanks, I can confirm it works now :+1:

fellhorn avatar Feb 23 '24 08:02 fellhorn