Face Liveness SDK Package Authentication Failure (E401)

We have Limited Access approval for Face Liveness but cannot install the required Web SDK package @azure/ai-vision-face-ui from the npm registry.

Error: npm error code E401 - Incorrect or missing password Registry: https://pkgs.dev.azure.com/msface/SDK/_packaging/AzureAIVision/npm/registry/

We have: βœ“ Limited Access approval (received confirmation) βœ“ Active Face API resource βœ“ Attempted authentication using Face API token endpoint βœ“ Configured .npmrc with generated base64 token βœ“ Followed all documentation steps

Request: Please provide correct authentication method or credentials for accessing the Azure DevOps npm package feed for the Face Liveness Web SDK.

Resource Details:

  • Subscription: [Your subscription name/ID]
  • Resource: [Your Face API resource name]
  • Region: [Your region]
  1. SRILAKSHMI C 19,195 Reputation points β€’ Microsoft External Staff β€’ Moderator

    Hi Akesh Mohanan Webotix,

    Did you get any chance to review the above response. Do let me know if you have any further queries.

    Thank you!

Sign in to comment

2 answers

  1. SRILAKSHMI C 19,195 Reputation points β€’ Microsoft External Staff β€’ Moderator

    Hello Akesh Mohanan Webotix,

    Welcome to Microsoft Q&A and Thank you for reaching out.

    I understand why this is confusing the E401 error strongly suggests a credential problem, but in this case the issue is not with your Face API or Limited Access approval, and re-generating Face API tokens will not resolve it.

    Key clarification

    The Face Liveness Web SDK package (@azure/ai-vision-face-ui) is hosted in a private Azure DevOps Artifacts npm feed, and:

    Face API keys or Face API bearer tokens cannot authenticate to this feed

    Limited Access approval enables use of the Face Liveness feature, but does not automatically grant access to the DevOps npm registry

    That’s why npm returns:

    E401 – Incorrect or missing password

    Even when Face API authentication is working correctly.

    Correct authentication method for the npm feed

    The registry

    https://pkgs.dev.azure.com/msface/SDK/_packaging/AzureAIVision/npm/registry/

    only accepts Azure DevOps credentials, not Azure AI / Face API tokens.

    Supported option: Azure DevOps Personal Access Token (PAT)

    Sign in to Azure DevOps (any organization you have access to)

    Create a Personal Access Token (PAT) with:

    • Scope: Packaging β†’ Read

    Base64-encode the PAT:

    echo -n :<PAT> | base64

    Configure .npmrc like this:

    @azure:registry=https://pkgs.dev.azure.com/msface/SDK/_packaging/AzureAIVision/npm/registry/
//pkgs.dev.azure.com/msface/SDK/_packaging/AzureAIVision/npm/registry/:username=any
//pkgs.dev.azure.com/msface/SDK/_packaging/AzureAIVision/npm/registry/:_password=<BASE64_PAT>
//pkgs.dev.azure.com/msface/SDK/_packaging/AzureAIVision/npm/registry/:email=unused@example.com
always-auth=true

    The username and email values are ignored; only the PAT is used.

    What will not work

    Face API keys

    Face API OAuth / bearer tokens

    Tokens generated from the Face API endpoint

    Azure subscription credentials or Managed Identity

    If any of these are placed in .npmrc, npm will always return E401.

    Please refer this

    I Hope this helps. Do let me know if you have any further queries.

    Thank you!

    0 comments No comments
    Sign in to comment
  2. Vinodh247-1375 43,181 Reputation points β€’ Volunteer Moderator

    Hi ,

    Thanks for reaching out to Microsoft Q&A.

    Face API keys or tokens do not authenticate to the private npm feed. @azure/ai-vision-face-ui is hosted in Azure DevOps Artifacts, which only accepts Azure DevOps credentials. Use an Azure DevOps PAT + user identity. If PAT cannot authenticate, your org or user is not added to the msface ADO feed and Microsoft support must enable it.

    Summary of what you really need to do:

    1. Create a Personal Access Token (PAT) under the ADO org msface (not your tenant, not your subscription, not Face API) Azure DevOps β†’ User Settings -> Personal Access Token Scopes required: Packaging (Read)
    2. Base64-encode PAT with your ADO user name format: <ado-username>:<PAT> (Convert to base64 and paste into .npmrc)
    3. Do not use accessToken from the Face endpoint That token only authorizes API calls, not private package feeds.
    4. You must be whitelisted for the DevOps org Limited Access means Microsoft has granted your tenant access, but your user must still be listed on the ADO feed. If your PAT still fails, request Microsoft to:
      • add your Azure AD user/service principal to the DevOps feed

    Please 'Upvote'(Thumbs-up) and 'Accept' as answer if the reply was helpful. This will be benefitting other community members who face the same issue.

    1. Vinodh247-1375 43,181 Reputation points β€’ Volunteer Moderator

      Please 'Upvote'(Thumbs-up) and 'Accept' as answer if the reply was helpful. This will be benefitting other community members who face the same issue.

    Sign in to comment
Sign in to answer

Your answer