Artifact helper for Maven

[timward60]

Wanted to know if this on the road map, or if it is something we should consider contributing?

[markphip]

Open to doing it as well as receiving contribution. What does it require? Is Maven capable of authenticating using a short-lived Azure token as opposed to a PAT?

[markphip]

Should add I only know what I see here: https://learn.microsoft.com/en-us/azure/devops/artifacts/maven/install?view=azure-devops

At least for NPM, it has different properties for PAT (password) vs Token authentication. It also possible to specify an environment variable name in the configuration file. Do you know if the settings.xml supports a variable? Otherwise, the file would have to be rewritten with the value of the token.

The pattern used, because the tokens are short-lived, is to add a bash alias that replaces the CLI mvn with a script that generates a token on the fly, stores it in environment variable, then calls the CLI. So something like that, or a variant that writes the token into settings.xml would be the thing to try. The question would be whether the token will work as the password. It doesn't for other tools, AFAIK.