Authentication
mise-server supports three authentication modes: simple token auth, users with ACL, and OIDC/SSO.
Simple Token Auth
The default mode when no [[users]] or [[acl]] are configured:
- All requests can read without authentication
- Write operations require
Authorization: Bearer <auth_token>
toml
[settings]
auth_token = "your-secret-token"bash
# Write request with auth
curl -H "Authorization: Bearer your-secret-token" \
-X PUT http://your-server:3000/npm/my-packageToken Generation
Generate a token and its hash for use in config files:
bash
mise-server token generate
# Token: mst_abc123...
# SHA-256: e3b0c44298fc1c149afb...Choosing an Auth Mode
| Mode | Use Case |
|---|---|
| Simple token | Single-user, CI/CD pipelines |
| Users & ACL | Multi-user, per-registry permissions |
| OIDC / SSO | Enterprise SSO, automatic user provisioning |
When any [[users]] or [[acl]] section is defined in config (or runtime users exist in the database), mise-server switches to full ACL mode with permission checking on every request.