Use index URL instead of package URL for keyring credential lookups (#12651)

Some registries (like Azure Artifact) can require you to authenticate separately for every package URL if you do not authenticate for the /simple endpoint. These changes make the auth middleware aware of index URL endpoints and attempts to fetch keyring credentials for such an index URL when making a request to any URL it's a prefix of. The current uv behavior is to cache credentials either at the request URL or realm level. But with these changes, we also need to cache credentials at the index level. Note that when uv does not detect an index URL for a request URL, it will continue to apply the old behavior. Addresses part of #4056 Closes #4583 Closes #11236 Closes #11391 Closes #11507
2025-07-07 21:35:00 +00:00 · 2025-04-29 12:54:07 -05:00 · 2025-04-29 12:54:07 -05:00 · de1479c4ef
commit de1479c4ef
parent 514a7ea6df
26 changed files with 571 additions and 203 deletions
--- a/docs/configuration/authentication.md
+++ b/docs/configuration/authentication.md
@ -38,9 +38,9 @@ Authentication can come from the following sources, in order of precedence:
 - A [`.netrc`](https://everything.curl.dev/usingcurl/netrc) configuration file
 - A [keyring](https://github.com/jaraco/keyring) provider (requires opt-in)

-If authentication is found for a single net location (scheme, host, and port), it will be cached for
-the duration of the command and used for other queries to that net location. Authentication is not
-cached across invocations of uv.
+If authentication is found for a single index URL or net location (scheme, host, and port), it will
+be cached for the duration of the command and used for other queries to that index or net location.
+Authentication is not cached across invocations of uv.

 `.netrc` authentication is enabled by default, and will respect the `NETRC` environment variable if
 defined, falling back to `~/.netrc` if not.