Describe the user story
When dealing with 3rd party private repos it would be nice to have the ability to make an authentication plugin to avoid the need for hard coded credentials
Describe the solution you'd like
At the most basic level you would just need to add a hook to npmHttpUtils.getAuthenticationHeader which would allow you to change the authentication headed. The plugin would likely only need the same arguments which are passed to getAuthConfiguration. It would then just return the authentication header string.
Describe the drawbacks of your solution
There is a fair amount of potential for a malicious extension to break things so the error messages for failures here will likely need to be pretty robust.
Describe alternatives you've considered
You could also provide a hook instead in getAuthConfiguration to give the opportunity to override just the auth config. Allowing replacement of the whole string passed via the header is more flexible though since not all authentication systems use Bearer or Basic auth
Additional context
If this were implemented I would likely build an Azure DevOps auth plugin
Describe the user story
When dealing with 3rd party private repos it would be nice to have the ability to make an authentication plugin to avoid the need for hard coded credentials
Describe the solution you'd like
At the most basic level you would just need to add a hook to npmHttpUtils.getAuthenticationHeader which would allow you to change the authentication headed. The plugin would likely only need the same arguments which are passed to getAuthConfiguration. It would then just return the authentication header string.
Describe the drawbacks of your solution
There is a fair amount of potential for a malicious extension to break things so the error messages for failures here will likely need to be pretty robust.
Describe alternatives you've considered
You could also provide a hook instead in getAuthConfiguration to give the opportunity to override just the auth config. Allowing replacement of the whole string passed via the header is more flexible though since not all authentication systems use Bearer or Basic auth
Additional context
If this were implemented I would likely build an Azure DevOps auth plugin