How does the Nexus Repository Manager integrate the OAuth2 protocol to log in?

sam · September 10, 2019, 6:12pm

Hi!
How does the Nexus Repository Manager integrate the OAuth2 protocol to log in?
Do I need to develop my own plugins?
What do I need to do if I need to develop a plugin?

rseddon · September 10, 2019, 6:32pm

There is no support for OAuth2 in Nexus Repo 3 at the moment.

However Nexus 3 does support remote user token authentication, so as a workaround you could use a reverse proxy in front of Nexus that does the authentication vi Oauth or similar, and have it send the authenticated user ID’s into Nexus via this feature:

https://help.sonatype.com/display/NXRM3/Authentication+via+Remote+User+Token

sam · September 11, 2019, 3:26am

Thanks for your reply !
Nexus seems to have csrf-token and jsessionid. I want to turn off the nexus csrf filter to access the login API by username and password. What should I do?

rseddon · September 11, 2019, 6:30pm

If you’re using remote user token authentication there won’t be a login in Nexus, the login is done by the server running in front of Nexus, and it sends the authenticated user ID in as an HTTP header.

Rich