feat: separate login/adduser, remove auth types (#5550)

The difference between `adduser` and `login` depends on the `auth-type`. - `web`: the POST to `/-/v1/login` contains a `{ create: true }` value in its payload for `adduser` - `legacy` the `PUT` request to `/-/user/org.couchdb.user:${username}` contains an `email` value in its payload for `adduser`. BREAKING CHANGE: `login`, `adduser`, and `auth-type` changes - This removes all `auth-type` configs except `web` and `legacy`. - `login` and `adduser` are now separate commands that send different data to the registry. - `auth-type` config values `web` and `legacy` only try their respective methods, npm no longer tries them all and waits to see which one doesn't fail.
npm · Sep 21, 2022 · 314311c · 314311c
1 parent d3ff2aa
commit 314311c
Show file tree

Hide file tree

Showing 29 changed files with 645 additions and 1,329 deletions.
diff --git a/docs/content/commands/npm-adduser.md b/docs/content/commands/npm-adduser.md
@@ -13,7 +13,7 @@ description: Add a registry user account
 ```bash
 npm adduser
 
-aliases: login, add-user
+alias: add-user
 ```
 
 <!-- automatically generated, do not edit manually -->
@@ -25,22 +25,12 @@ Note: This command is unaware of workspaces.
 
 ### Description
 
-Create or verify a user named `<username>` in the specified registry, and
-save the credentials to the `.npmrc` file. If no registry is specified,
-the default registry will be used (see [`config`](/using-npm/config)).
+Create a new user in the specified registry, and save the credentials to
+the `.npmrc` file. If no registry is specified, the default registry
+will be used (see [`config`](/using-npm/config)).
 
-The username, password, and email are read in from prompts.
-
-To reset your password, go to <https://www.npmjs.com/forgot>
-
-To change your email address, go to <https://www.npmjs.com/email-edit>
-
-You may use this command multiple times with the same user account to
-authorize on a new machine.  When authenticating on a new machine,
-the username, password and email address must all match with
-your existing record.
-
-`npm login` is an alias to `adduser` and behaves exactly the same way.
+When using `legacy` for your `auth-type`, the username, password, and
+email are read in from prompts.
 
 ### Configuration
 
@@ -93,10 +83,7 @@ npm init --scope=@foo --yes
 #### `auth-type`
 
 * Default: "legacy"
-* Type: "legacy", "web", "sso", "saml", "oauth", or "webauthn"
-
-NOTE: auth-type values "sso", "saml", "oauth", and "webauthn" will be
-removed in a future version.
+* Type: "legacy" or "web"
 
 What authentication strategy to use with `login`.
 

diff --git a/docs/content/commands/npm-login.md b/docs/content/commands/npm-login.md
@@ -0,0 +1,110 @@
+---
+title: npm-login
+section: 1
+description: Login to a registry user account
+---
+
+### Synopsis
+
+<!-- AUTOGENERATED USAGE DESCRIPTIONS START -->
+<!-- automatically generated, do not edit manually -->
+<!-- see lib/commands/login.js -->
+
+```bash
+npm login
+```
+
+<!-- automatically generated, do not edit manually -->
+<!-- see lib/commands/login.js -->
+
+<!-- AUTOGENERATED USAGE DESCRIPTIONS END -->
+
+Note: This command is unaware of workspaces.
+
+### Description
+
+Verify a user in the specified registry, and save the credentials to the
+`.npmrc` file. If no registry is specified, the default registry will be
+used (see [`config`](/using-npm/config)).
+
+When using `legacy` for your `auth-type`, the username and password, are
+read in from prompts.
+
+To reset your password, go to <https://www.npmjs.com/forgot>
+
+To change your email address, go to <https://www.npmjs.com/email-edit>
+
+You may use this command multiple times with the same user account to
+authorize on a new machine.  When authenticating on a new machine,
+the username, password and email address must all match with
+your existing record.
+
+### Configuration
+
+<!-- AUTOGENERATED CONFIG DESCRIPTIONS START -->
+<!-- automatically generated, do not edit manually -->
+<!-- see lib/utils/config/definitions.js -->
+#### `registry`
+
+* Default: "https://registry.npmjs.org/"
+* Type: URL
+
+The base URL of the npm registry.
+
+<!-- automatically generated, do not edit manually -->
+<!-- see lib/utils/config/definitions.js -->
+
+#### `scope`
+
+* Default: the scope of the current project, if any, or ""
+* Type: String
+
+Associate an operation with a scope for a scoped registry.
+
+Useful when logging in to or out of a private registry:
+
+```
+# log in, linking the scope to the custom registry
+npm login --scope=@mycorp --registry=https://registry.mycorp.com
+
+# log out, removing the link and the auth token
+npm logout --scope=@mycorp
+```
+
+This will cause `@mycorp` to be mapped to the registry for future
+installation of packages specified according to the pattern
+`@mycorp/package`.
+
+This will also cause `npm init` to create a scoped package.
+
+```
+# accept all defaults, and create a package named "@foo/whatever",
+# instead of just named "whatever"
+npm init --scope=@foo --yes
+```
+
+
+<!-- automatically generated, do not edit manually -->
+<!-- see lib/utils/config/definitions.js -->
+
+#### `auth-type`
+
+* Default: "legacy"
+* Type: "legacy" or "web"
+
+What authentication strategy to use with `login`.
+
+<!-- automatically generated, do not edit manually -->
+<!-- see lib/utils/config/definitions.js -->
+
+<!-- AUTOGENERATED CONFIG DESCRIPTIONS END -->
+
+### See Also
+
+* [npm registry](/using-npm/registry)
+* [npm config](/commands/npm-config)
+* [npmrc](/configuring-npm/npmrc)
+* [npm owner](/commands/npm-owner)
+* [npm whoami](/commands/npm-whoami)
+* [npm token](/commands/npm-token)
+* [npm profile](/commands/npm-profile)
diff --git a/docs/content/using-npm/config.md b/docs/content/using-npm/config.md
@@ -218,10 +218,7 @@ exit code.
 #### `auth-type`
 
 * Default: "legacy"
-* Type: "legacy", "web", "sso", "saml", "oauth", or "webauthn"
-
-NOTE: auth-type values "sso", "saml", "oauth", and "webauthn" will be
-removed in a future version.
+* Type: "legacy" or "web"
 
 What authentication strategy to use with `login`.
 
@@ -2084,31 +2081,6 @@ Alias for --package-lock
 <!-- automatically generated, do not edit manually -->
 <!-- see lib/utils/config/definitions.js -->
 
-#### `sso-poll-frequency`
-
-* Default: 500
-* Type: Number
-* DEPRECATED: The --auth-type method of SSO/SAML/OAuth will be removed in a
-  future version of npm in favor of web-based login.
-
-When used with SSO-enabled `auth-type`s, configures how regularly the
-registry should be polled while the user is completing authentication.
-
-<!-- automatically generated, do not edit manually -->
-<!-- see lib/utils/config/definitions.js -->
-
-#### `sso-type`
-
-* Default: "oauth"
-* Type: null, "oauth", or "saml"
-* DEPRECATED: The --auth-type method of SSO/SAML/OAuth will be removed in a
-  future version of npm in favor of web-based login.
-
-If `--auth-type=sso`, the type of SSO type to use.
-
-<!-- automatically generated, do not edit manually -->
-<!-- see lib/utils/config/definitions.js -->
-
 #### `tmp`
 
 * Default: The value returned by the Node.js `os.tmpdir()` method

diff --git a/docs/nav.yml b/docs/nav.yml
@@ -96,6 +96,9 @@
   - title: npm link
     url: /commands/npm-link
     description: Symlink a package folder
+  - title: npm login
+    url: /commands/npm-login
+    description: Login to a registry user account
   - title: npm logout
     url: /commands/npm-logout
     description: Log out of the registry

diff --git a/lib/auth/legacy.js b/lib/auth/legacy.js
diff --git a/lib/auth/oauth.js b/lib/auth/oauth.js
diff --git a/lib/auth/saml.js b/lib/auth/saml.js