Behavior for Repo-URLs with basic-auth passwords

Gemfury will soon update authentication behavior for Repo-URLs with basic auth. We have recommended authenticating with a blank password (ie. https://TOKEN:@repo...), and such authentication will continue to work unaffected. However, behavior for non-empty passwords will change.

Your Repo-URL authentication may soon begin to fail.

We’ve seen requests to your repo having a non-empty password. Until now, the password has been ignored, however, this will soon change. Please remove passwords from your Repo-URLs and let us know, so that we can proceed with our upgrades.

For example

Your repository URL may be as follows:

https://TOKEN:NOTBLANK@repo.fury.io/ACCOUNT

and you should change it to:

https://TOKEN:@repo.fury.io/ACCOUNT

You can also use the common form with username and password. Be sure that the username matches the owner of the token, not the repository account:

https://USERNAME:TOKEN@repo.fury.io/ACCOUNT

Exception for backward compatibility

(Updated: February 3, 2020) As an alternative for this deprecated use-case, we suggest using credentials TOKEN:TOKEN where the username and password are the same. We will continue to support this through and after the transition to allow continuity for those customers whose tooling doesn’t allow non-blank passwords:

https://TOKEN:TOKEN@repo.fury.io/ACCOUNT