This repository has been archived by the owner on Apr 17, 2023. It is now read-only.
Commit
Support auth protocol introduced by docker 1.8
The authorization protocol changed with Docker 1.8:

* client does pull or push or whatever
* daemon does ping to registry i.e. https://registry.ip/v2/
* registry returns 401 along with realm and service, but not scope
* daemon asks for a token from the auth server, with service=<registry>&scope=repository:namespace/image:push,pull

In other words, the daemon always asks for push,pull, even if you are just doing a pull.

The auth server is supposed to respond in the following fashion:

* If unauthenticated access is not allowed, return a 401 requiring user to authenticate
* If unauthenticated access is allowed to that repo, return a web token

When user tries the token path against the auth server with credentials:

* If invalid credentials, return 401
* If valid credentials, always return a 200 with a JWT that has the maximum credentials allowed this user on this repository in this service that is a subset of the scope provided.

The daemon will always ask for push,pull, and - as long as I am validly authenticated - the auth server should always return 200 with a valid Web token. The Web token will list the max I am allowed.

* If I am not allowed push or pull, then return a token with no access
* If I am allowed pull but not push, then return a token with pull access only
* If I am allowed pull and push, then return a token with push and pull access

This is some preliminary work to fix issue 276.
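The decision logic described in the commit message, as an added example that is not code from this commit or repository: it returns the status code and the unsigned token claims, granting only the intersection of the requested scope and what the caller is allowed. `POLICY`, `USERS`, `parse_scope` and `token_response` are hypothetical names with constructed data, the claims use the registry token layout (`aud`, `sub`, `access`), and signing the JWT is left out.

```python
import hmac

# Constructed policy: repository -> {user: allowed actions}; the None key is anonymous.
POLICY = {
    "namespace/image": {"alice": {"pull", "push"}, "bob": {"pull"}, "carol": set()},
    "public/image": {None: {"pull"}, "alice": {"pull", "push"}},
}
USERS = {"alice": "a-pass", "bob": "b-pass", "carol": "c-pass"}  # constructed credentials


def parse_scope(scope):
    """Split 'repository:namespace/image:push,pull' into (type, name, actions)."""
    rtype, rest = scope.split(":", 1)
    name, actions = rest.rsplit(":", 1)  # the last colon separates the action list
    return rtype, name, [a for a in actions.split(",") if a]


def credentials_ok(user, password):
    """Constant-time password check against the constructed USERS table."""
    expected = USERS.get(user)
    if expected is None or password is None:
        return False
    return hmac.compare_digest(expected.encode(), password.encode())


def token_response(service, scope, user=None, password=None):
    """Return (status, claims); claims is None whenever the status is 401."""
    rtype, name, requested = parse_scope(scope)
    repo_policy = POLICY.get(name, {})
    if user is None:
        # Unauthenticated: a token is issued only if the repo allows anonymous access.
        if None not in repo_policy:
            return 401, None
    elif not credentials_ok(user, password):
        return 401, None
    allowed = repo_policy.get(user, set())
    # The daemon always asks for push,pull: grant the allowed subset, never echo the request.
    granted = [a for a in requested if a in allowed]
    access = [{"type": rtype, "name": name, "actions": granted}] if granted else []
    # Valid credentials always yield 200, even when the token carries no access.
    return 200, {"sub": user or "", "aud": service, "access": access}
```
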