Multi auth with two plugins htpasswd and openid-connect not working #25

Open
Godjee1 opened this issue Oct 2, 2024 · 2 comments

Godjee1 commented Oct 2, 2024

Your Environment

  • verdaccio version: 6.0.0
  • node version: [20.17.0]
  • package manager: [[email protected]]
  • os: [linux]
  • platform: [kubernetes, helmfile]

Describe the bug

Authorization via htpasswd does not work together with openid-connect + JWT token.

To Reproduce

The plugins work separately; the JWT token is generated.
Changing the order of specifying plugins in the config did not help.

Screenshots, server logs, package manager log
Error log when trying to authorize with htpasswd:

    7 verbose title npm login
    8 verbose argv "login" "--registry" "https://myrepo/" "--auth-type" "legacy"
    9 verbose logfile logs-max:10 dir:/Users/egor/.npm/_logs/2024-10-02T14_30_48_674Z-
    10 verbose logfile /Users/egor/.npm/_logs/2024-10-02T14_30_48_674Z-debug-0.log
    11 notice Log in on https://myrepo/
    12 silly logfile start cleaning logs, removing 1 files
    13 silly logfile done cleaning log files
    14 verbose login before first PUT {
    14 verbose login   _id: 'org.couchdb.user:test-user20',
    14 verbose login   name: 'test-user20',
    14 verbose login   password: 'XXXXX',
    14 verbose login   type: 'user',
    14 verbose login   roles: [],
    14 verbose login   date: '2024-10-02T14:30:55.332Z'
    14 verbose login }
    15 http fetch PUT 401 https://myrepo/-/user/org.couchdb.user:test-user20 140ms
    16 verbose stack HttpErrorGeneral: 401 Unauthorized - PUT https://myrepo/-/user/org.couchdb.user:test-user20
    16 verbose stack     at /usr/local/lib/node_modules/npm/node_modules/npm-registry-fetch/lib/check-response.js:95:15
    16 verbose stack     at process.processTicksAndRejections (node:internal/process/task_queues:105:5)
    16 verbose stack     at async putCouch (/usr/local/lib/node_modules/npm/node_modules/npm-profile/lib/index.js:133:18)
    16 verbose stack     at async loginCouch (/usr/local/lib/node_modules/npm/node_modules/npm-profile/lib/index.js:177:12)
    16 verbose stack     at async otplease (/usr/local/lib/node_modules/npm/lib/utils/auth.js:8:12)
    16 verbose stack     at async Object.login (/usr/local/lib/node_modules/npm/lib/utils/auth.js:91:11)
    16 verbose stack     at async Login.exec (/usr/local/lib/node_modules/npm/lib/commands/login.js:31:35)
    16 verbose stack     at async Npm.exec (/usr/local/lib/node_modules/npm/lib/npm.js:207:9)
    16 verbose stack     at async module.exports (/usr/local/lib/node_modules/npm/lib/cli/entry.js:74:5)
    17 verbose statusCode 401
    18 error code E401
    19 error 401 Unauthorized - PUT https://myrepo/-/user/org.couchdb.user:test-user20
    20 verbose cwd /Users/egor/.npm/_logs
    21 verbose os Darwin 22.6.0
    22 verbose node v22.9.0
    23 verbose npm  v10.8.3
    24 verbose exit 1

Configuration File (cat ~/.config/verdaccio/config.yaml)

    storage: /verdaccio/storage/data
    plugins: /verdaccio/plugins
    web:
      title: Verdaccio
    auth:
      openid-connect:
        publicUrl: https://myrepo
        redisUri: redis-master.monitoring.svc.cluster.local
        issuer: deleted
        clientId: deleted
        clientSecret: 'deleted'
        scope: openid profile email
        usernameClaim: preferred_username
        accessTokenAuth: false
      htpasswd:
        file: /verdaccio/storage/htpasswd
        max_users: -1
    security:
      api:
        legacy: false
        jwt:
          sign:
            expiresIn: 29d
          verify:
            ignoreExpiration: true
      web:
        sign:
          expiresIn: 1h # 1 hour by default
        verify:
          ignoreExpiration: true

Please help me figure out how to run these two plugins at the same time, since htpasswd is planned to be used for a specific task where it is impossible to log in via oidc.
Thanks in advance!

@cudatuda

Also interested in this scenario

@MartinLoeper

Could it be that verdaccio does not support this config atm and thus the plugin itself cannot make it work?

see: verdaccio/verdaccio#1442
