diff --git a/.gitignore b/.gitignore index 1d9e1fd4..f2500736 100644 --- a/.gitignore +++ b/.gitignore @@ -28,6 +28,7 @@ target/ # IDEs .idea/ +*.iml # When testing JSON files *.json diff --git a/src/main/java/land/oras/auth/HttpClient.java b/src/main/java/land/oras/auth/HttpClient.java index 11a23046..74e5f8ef 100644 --- a/src/main/java/land/oras/auth/HttpClient.java +++ b/src/main/java/land/oras/auth/HttpClient.java @@ -461,10 +461,11 @@ private ResponseWrapper executeRequest( LOG.debug("New scopes: {}", newScopes.getScopes()); // Add authentication header if any - if (authProvider.getAuthHeader(containerRef) != null + var authHeader = authProvider.getAuthHeader(containerRef); + if (authHeader != null && !authProvider.getAuthScheme().equals(AuthScheme.NONE) && includeAuthHeader) { - builder = builder.header(Const.AUTHORIZATION_HEADER, authProvider.getAuthHeader(containerRef)); + builder = builder.header(Const.AUTHORIZATION_HEADER, authHeader); } headers.forEach(builder::header); @@ -524,8 +525,16 @@ private ResponseWrapper redoRequest( token.expires_in(), token.issued_at().plusSeconds(token.expires_in())); } + String bearerToken = token.token(); + if (bearerToken == null) { + // Docker registry auth spec allows either token or auth_token (or both if they are the same) + bearerToken = token.access_token(); + } + if (bearerToken == null) { + throw new OrasException("No Bearer token received"); + } try { - builder = builder.setHeader(Const.AUTHORIZATION_HEADER, "Bearer " + token.token()); + builder = builder.setHeader(Const.AUTHORIZATION_HEADER, "Bearer " + bearerToken); HttpResponse newResponse = client.send(builder.build(), handler); // Follow redirect