Resolving access denied error

Fix “Unauthorized” or “Access Denied” errors when using npm clients

Interacting with Bytesafe registry using npm clients and getting authentication errors, can typically be explained with:

  • Access token for the registry is not sent correctly to Bytesafe servers (due to missing or incorrect configuration)
  • Access token for the registry is no longer valid

Refer to the sections below for more information on how to resolve the different issues.

How to resolve 401 Unauthorized - Access Denied

As every client version can handle authentication differently, there are a number of potential causes for access tokens not being sent to Bytesafe servers. To identify the source of your issue, review the state of the .npmrc file used and then proceed along the steps accordingly.

The npmrc file configuration

Access the .npmrc file to view current configuration.

For a developer using npm from a terminal this is usually the user config file which is stored in the users home directory, accessible by ~/.npmrc.

For a project running in a CI/CD environment or similar, this is usually the project level file accessible at (/path/to/project/.npmrc)

For more information on different .npmrc files refer to the official documentation on npmjs.

# default registry used by the client. Can be replaced by use of --registry flag followed by registry URL

registry=https://{WORKSPACE}.bytesafe.dev/r/{REGISTRY}/

# registry and related access token

//{WORKSPACE}.bytesafe.dev/r/{REGISTRY}/:_authToken={TOKEN}

# always-auth true forces clients to send credentials to Bytesafe servers

always-auth=true

If the information available in users .npmrc file does not match the pattern from the example above, proceed with the steps below.

1. Access token for specific registry is missing

Previous authentication to registry (using npm login) was unsuccessful.

Active user specific access tokens can be viewed in Bytesafe. If authToken for a registry in .npmrc file does not match tokens displayed in Bytesafe, requests will be denied.

active-access-token

Re-authenticate according to authentication instructions. Make sure to use the trailing / after the registry URL.

2. Registry URL has been specified without trailing /

Certain versions of npm cli (and other clients) requires the use of trailing / at the end of the URL. As such it is recommended to always use the trailing / for all interactions with Bytesafe (npm login / install / publish etc).

Re-authenticate using trailing / after the registry URL and make sure subsequent commands use the trailing / as well.

3. always-auth=true missing from .npmrc

This may result in npm cli (or other client) not sending credentials to Bytesafe servers.

# Add the config by running:

$ npm config set always-auth true

4. Using older, unsupported npm version

Certain npm cli versions have known authentication related bugs. If the npm cli version is before npm 6.8 we recommend an upgrade. Check version with npm --version.

# Check npm version with the --version flag

$ npm --version

7.0.14

Access token is no longer valid

If the configuration available in the .npmrc file is correct, the most likely cause for errors are that the access token has been revoked. Manually by a workspace admin or automatically by Bytesafe (deactivated user on subscription or trial expiry).

Check active access tokens in Bytesafe. active-access-token

Contact your account admin to investigate current status of your workspace and any related changes to user limits. If issue persists, contact Bytesafe support.