Fix authentication against Artifactory

To authenticate against an OCI registry the code currently requires a `scope` attribute in the `WWW-Authenticate` header. This key is optional according to RFC 6750 [1], an empty string can be used if it's not present. Artifactory does not include the `scope` attribute and hence authentication fails currently. Fix that by making the attribute optional. [1] "Use of the "scope" attribute is OPTIONAL." Fixes #691
devcontainers · Nov 22, 2023 · 98c90e7 · 98c90e7
1 parent 6e643f8
commit 98c90e7
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/src/spec-configuration/httpOCIRegistry.ts b/src/spec-configuration/httpOCIRegistry.ts
@@ -95,15 +95,15 @@ export async function requestEnsureAuthenticated(params: CommonParams, httpOptio
 			const serviceGroup = serviceRegex.exec(wwwAuthenticate);
 			const scopeGroup = scopeRegex.exec(wwwAuthenticate);
 
-			if (!realmGroup || !serviceGroup || !scopeGroup) {
+			if (!realmGroup || !serviceGroup) {
 				output.write(`[httpOci] WWW-Authenticate header is not in expected format. Got:  ${wwwAuthenticate}`, LogLevel.Trace);
 				return;
 			}
 
 			const wwwAuthenticateData = {
 				realm: realmGroup[1],
 				service: serviceGroup[1],
-				scope: scopeGroup[1],
+				scope: scopeGroup ? scopeGroup[1] : "",
 			};
 
 			const bearerToken = await fetchRegistryBearerToken(params, ociRef, wwwAuthenticateData);