Fix authentication against Artifactory #692
Conversation
There was a problem hiding this comment.
Thanks for the change and pointer to the section in the RFC! One little change needed for the linter to pass, then it looks good to me 👍
I'll try to look into setting up a test Artifactory to add as a regression test here
To authenticate against an OCI registry the code currently requires a `scope` attribute in the `WWW-Authenticate` header. This key is optional according to RFC 6750 [1], an empty string can be used if it's not present. Artifactory does not include the `scope` attribute and hence authentication fails currently. Fix that by making the attribute optional. [1] "Use of the "scope" attribute is OPTIONAL." Fixes devcontainers#691
imphil
force-pushed
the
auth-against-artifactory-scope
branch
from
98c90e7
to
dc41f2f
Compare
|
Thanks for your reviews and merging this PR! Just a quick question: this code is (I think) also used in the Dev Containers extension. What's roughly the expectation when this change will reach the extension? |
One more note: Please feel free to reach out to me directly if you cannot reproduce the behavior I'm seeing. There seem to be a number of ways to set up Artifactory auth, so maybe I can dig up the right details to help you reproduce the problem. |
I can now look into releasing a new version of the @devcontainers/cli with these changes, and regarding Dev Containers Extensions @chrmarti might be able to provide a better timeline. But, it should be released soon enough. |
|
|
To authenticate against an OCI registry the code currently requires a
scopeattribute in theWWW-Authenticateheader. This key is optionalaccording to RFC 6750 [1], an empty string can be used if it's not
present.
Artifactory does not include the
scopeattribute and henceauthentication fails currently. Fix that by making the attribute
optional.
[1] "Use of the "scope" attribute is OPTIONAL."
Fixes #691