Gemfury will soon update authentication behavior for Repo-URLs
with basic auth. We have recommended authenticating with a blank password
(ie. https://TOKEN:@repo...
), and such authentication will continue to work unaffected.
However, behavior for non-empty passwords will change.
Your Repo-URL authentication may soon begin to fail.
We’ve seen requests to your repo having a non-empty password. Until now, the password has been ignored, however, this will soon change. Please remove passwords from your Repo-URLs and let us know, so that we can proceed with our upgrades.
For example
Your repository URL may be as follows:
https://TOKEN:NOTBLANK@repo.fury.io/ACCOUNT
and you should change it to:
https://TOKEN:@repo.fury.io/ACCOUNT
You can also use the common form with username and password. Be sure that the username matches the owner of the token, not the repository account:
https://USERNAME:TOKEN@repo.fury.io/ACCOUNT
Exception for backward compatibility
(Updated: February 3, 2020) As an alternative for this deprecated use-case,
we suggest using credentials TOKEN:TOKEN
where the username and password are
the same. We will continue to support this through and after the transition to
allow continuity for those customers whose tooling doesn’t allow non-blank
passwords:
https://TOKEN:TOKEN@repo.fury.io/ACCOUNT