core: improve anon/auth token logic

.gitignore

@@ -7,3 +7,6 @@ env
 __pycache__
 .python-version
 .venv
+.vscode
+build
+dist

oras/auth/token.py

@@ -71,16 +71,18 @@ def authenticate_request(
 
         h = auth_utils.parse_auth_header(authHeaderRaw)
 
-        # First try to request an anonymous token
-        logger.debug("No Authorization, requesting anonymous token")
-        anon_token = self.request_anonymous_token(h)
-        if anon_token:
-            logger.debug("Successfully obtained anonymous token!")
-            self.token = anon_token
-            headers["Authorization"] = "Bearer %s" % self.token
-            return headers, True
-
-        # Next try for logged in token
+        # if no basic auth, try by request an anonymous token
+        if not hasattr(self, "_basic_auth"):
+            logger.debug("No Basic Auth found, requesting anonymous token")
+            anon_token = self.request_anonymous_token(h)
+            if anon_token:
+                logger.debug("Successfully obtained anonymous token!")
+                self.token = anon_token
+                headers["Authorization"] = "Bearer %s" % self.token
+                return headers, True
+
+        # try using auth token
+        logger.debug("requesting Auth Token")
         token = self.request_token(h)
         if token:
             self.token = token

oras/provider.py

@@ -957,7 +957,9 @@ def do_request(
         :param stream: stream the responses
         :type stream: bool
         """
-        # Make the request and return to calling function, unless requires auth
+        # Make the request and return to calling function, but attempt to use auth token if previously obtained
+        if headers is not None and isinstance(self.auth, oras.auth.TokenAuth):
+            headers.update(self.auth.get_auth_header())
         response = self.session.request(
             method,
             url,