Getting "No authentication configured for request" error when using OIDC trusted publishing

[wojtekmaj]

I tried publishing a package using OIDC trusted publishing and failed.

I have previously used NPM_TOKEN + provenance, and that setup worked just fine. This proves that, for example, GITHUB_TOKEN permissions were set correctly, as provenance itself always needed id-token: write which seems to be the only requirement on the GitHub side.

What I did:

• I removed all NPM tokens from my repository and npmjs.com
• I removed references to them from publish.yml
• I set (and verified) Trusted Publisher settings on npmjs.com
• I ran Publish workflow.

Here's what I got:
https://github.com/wojtekmaj/react-hooks/actions/runs/17969594085/job/51108861491

Notably:

• provenance was generated correctly
• "No authentication configured for request"

As per #6898, this message may be seen if either getOidcToken was not called (because either allowOidc was false or ident was falsy) or getOidcToken returned a falsy value.

Unfortunately, at this stage I got stuck because Yarn does not provide necessary logging information that would enable me to debug the situation further. Possible improvements in this area would be to log things like:

• Acquiring OIDC token
• OIDC token has not been acquired because no supported CI/CD provider was detected
• OIDC token has not been acquired because CI/CD provider did not provide required environment variables
• Failed to acquire OIDC token because of npm API error: {error}
• Not acquiring OIDC token because {reason}

This is my workflow file:
https://github.com/wojtekmaj/react-hooks/actions/runs/17969594085/workflow

Does anyone see anything in it that may have caused the error?

Thanks!

[wojtekmaj]

@cometkim maybe you would be able to help out?

[cometkim]

Update Yarn to the latest version.

There was a bug to publish scoped packages. See #6911

[wojtekmaj]

That's it! Works like a charm. Thank you so much! <3