Skip to content

Commit

Permalink
Fix authentication against Artifactory
Browse files Browse the repository at this point in the history
To authenticate against an OCI registry the code currently requires a
`scope` attribute in the `WWW-Authenticate` header. This key is optional
according to RFC 6750 [1], an empty string can be used if it's not
present.

Artifactory does not include the `scope` attribute and hence
authentication fails currently. Fix that by making the attribute
optional.

[1] "Use of the "scope" attribute is OPTIONAL."

Fixes #691
  • Loading branch information
imphil committed Nov 27, 2023
1 parent 6e643f8 commit dc41f2f
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions src/spec-configuration/httpOCIRegistry.ts
Original file line number Diff line number Diff line change
Expand Up @@ -95,15 +95,15 @@ export async function requestEnsureAuthenticated(params: CommonParams, httpOptio
const serviceGroup = serviceRegex.exec(wwwAuthenticate);
const scopeGroup = scopeRegex.exec(wwwAuthenticate);

if (!realmGroup || !serviceGroup || !scopeGroup) {
if (!realmGroup || !serviceGroup) {
output.write(`[httpOci] WWW-Authenticate header is not in expected format. Got: ${wwwAuthenticate}`, LogLevel.Trace);
return;
}

const wwwAuthenticateData = {
realm: realmGroup[1],
service: serviceGroup[1],
scope: scopeGroup[1],
scope: scopeGroup ? scopeGroup[1] : '',
};

const bearerToken = await fetchRegistryBearerToken(params, ociRef, wwwAuthenticateData);
Expand Down

0 comments on commit dc41f2f

Please sign in to comment.