Add an authentication mode to [index] configuration

[zanieb]

Summary

There’s a bit of design work to be done here, but the rough problem is this:

• If we receive a package index without a username, we always try an unauthenticated request first
• If that fails, we search for credentials (e.g., via keyring)

However, some indexes don’t fail on unauthenticated requests, instead they just forward to the public PyPI and now the user is confused their package is missing. The current solution is to tell users to set a username in their index URL, as that will force us to fetch credentials. However, if the username varies per user (sometimes its just a constant), they can’t commit that to the pyproject.toml. So, the idea is: add an authentication “mode” to the tool.uv.index table which allows a user to explicitly say “never use authentication” or “always use authentication” for a given index.

See

• regression: authentication stopped working in uv 0.1.36 #3923
• Can't resolve a package version from private gitlab package index #9331 (comment)

Example

Not a final design, but for example

[[tool.uv.index]]
name = "foo"
url = "https://..."
authentication = "auto | always | never"

[morotti]

thanks, it would be great if it can be set with an environment variable, like UV_INDEX_AUTHENTICATION=always

[jdumas]

I wonder if a simple boolean force_auth = true would be sufficient? I don't see a case where the current auto mode would fail and you'd want to force unauthenticated instead.

In any case I'm eagerly awaiting for this option. This is currently a blocker for me to use uv in downstream applications for internal projects.

[zanieb]

you'd want to force unauthenticated instead.

I was thinking of cases where you don't want to accidentally leak credentials to another index