auth0 · tusharpandey13 · Aug 4, 2025 · Aug 4, 2025 · Aug 4, 2025
@@ -1,15 +1,21 @@
 name: Publish release to npm
+description: Publishes a package to npm registry with authentication and verification
 
 inputs:
   node-version:
+    description: Node.js version to use
     required: true
   npm-token:
+    description: NPM authentication token
     required: true
   version:
+    description: Version to publish
     required: true
   require-build:
-    default: true
+    description: Whether to run build step
+    default: 'true'
   release-directory:
+    description: Directory containing package to publish
     default: './'
 
 runs:
@@ -35,18 +41,56 @@ runs:
       shell: bash
       run: npm run build
 
+    - name: Verify npm authentication
+      shell: bash
+      run: |
+        echo "Verifying npm authentication..."
+        echo "npm version: $(npm --version)"
+        echo "node version: $(node --version)"
+        echo "npm config list:"
+        npm config list
+        echo "Checking authentication:"
+        npm whoami
+        echo "npm registry: $(npm config get registry)"
+        echo "Checking user permissions for auth0 package..."
+        npm access list packages --json || echo "Could not list packages"
+        echo "Checking package collaborators..."
+        npm owner ls auth0 || echo "Could not list owners"
+        echo "Checking npm token..."
+        npm token list || echo "Could not list tokens"
+        echo "Testing npm publish dry run..."
+        npm publish --dry-run || echo "Dry run failed"
+      env:
+        NODE_AUTH_TOKEN: ${{ inputs.npm-token }}
+
     - name: Publish release to NPM
       shell: bash
       working-directory: ${{ inputs.release-directory }}
       run: |
+        # Determine the appropriate tag
         if [[ "${VERSION}" == *"beta"* ]]; then
           TAG="beta"
         elif [[ "${VERSION}" == *"alpha"* ]]; then
           TAG="alpha"
         else
           TAG="latest"
         fi
-        npm publish --provenance --tag $TAG
+
+        echo "Publishing package auth0@${VERSION} with tag ${TAG}..."
+        echo "Package details:"
+        echo "Name: $(grep '"name"' package.json | cut -d'"' -f4)"
+        echo "Version: $(grep '"version"' package.json | cut -d'"' -f4)"
+        echo "Repository: $(grep -A2 '"repository"' package.json | grep '"url"' | cut -d'"' -f4)"
+
+        echo "Final authentication check before publish:"
+        npm whoami
+
+        echo "Running npm publish..."
+        set -e  # Exit on any error
+        npm publish --provenance --tag $TAG --verbose
+
+        echo "✅ Package published successfully!"
+        echo "Package URL: https://www.npmjs.com/package/auth0/v/${VERSION}"
       env:
         NODE_AUTH_TOKEN: ${{ inputs.npm-token }}
         VERSION: ${{ inputs.version }}
@@ -26,6 +26,9 @@ jobs:
     if: github.event_name == 'workflow_dispatch' || (github.event_name == 'pull_request' && github.event.pull_request.merged && startsWith(github.event.pull_request.head.ref, 'release/'))
     runs-on: ubuntu-latest
     environment: release
+    permissions:
+      contents: read
+      id-token: write # For publishing to npm using --provenance
 
     steps:
       # Checkout the code

@@ -0,0 +1,80 @@
+name: Test NPM Authentication
+
+on:
+  workflow_dispatch:
+  push:
+    branches-ignore:
+      - master
+
+permissions:
+  contents: read
+  id-token: write
+
+jobs:
+  test-npm-auth:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup Node
+        uses: actions/setup-node@v4
+        with:
+          node-version: '18'
+          registry-url: 'https://registry.npmjs.org'
+
+      - name: Test npm authentication
+        run: |
+          echo "Testing npm authentication..."
+          echo "Registry: $(npm config get registry)"
+          echo "Auth token configured: $(if [ -n "$NODE_AUTH_TOKEN" ]; then echo "Yes"; else echo "No"; fi)"
+          echo "Token length: ${#NODE_AUTH_TOKEN}"
+          echo "Token prefix: ${NODE_AUTH_TOKEN:0:8}..."
+          echo ""
+          echo "Checking .npmrc file:"
+          cat ~/.npmrc || echo "No .npmrc found in home directory"
+          echo ""
+          echo "Checking working directory .npmrc:"
+          cat .npmrc || echo "No .npmrc found in working directory"
+          echo ""
+          echo "NPM config list:"
+          npm config list
+          echo ""
+          echo "Attempting npm whoami (this may fail):"
+          npm whoami || echo "npm whoami failed - this confirms authentication issue"
+          echo ""
+          echo "Exit code from npm whoami: $?"
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+
+      - name: Test package access
+        run: |
+          echo "Checking package information (without auth)..."
+          npm view auth0 version || echo "Could not view auth0 package"
+          echo ""
+          echo "Attempting to list packages (requires auth):"
+          npm access list packages --json || echo "Could not list packages - confirms auth issue"
+          echo ""
+          echo "Attempting to check auth0 package ownership:"
+          npm owner ls auth0 || echo "Could not list owners - may require auth"
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+
+      - name: Debug token type
+        run: |
+          echo "🔍 DEBUGGING NPM TOKEN ISSUE"
+          echo "================================"
+          echo ""
+          echo "❌ The 401 Unauthorized error indicates:"
+          echo "   1. Token is invalid/expired"
+          echo "   2. Token is read-only (common cause)"
+          echo "   3. Token format is incorrect"
+          echo ""
+          echo "🔧 NEXT STEPS:"
+          echo "   1. Go to https://www.npmjs.com/settings/tokens"
+          echo "   2. Check if your token shows 'Read-only'"
+          echo "   3. If yes, create new 'Automation' token"
+          echo "   4. Update GitHub secret NPM_TOKEN"
+          echo ""
+          echo "💡 Token should be 'Automation' type for CI/CD publishing"
+        continue-on-error: true