feat(auth): Include `scope` in the token exchange

AllexVeldman / pyoci

Publish and install private python packages using OCI/docker registries.

MIT License

8 stars 0 forks source link

feat(auth): Include `scope` in the token exchange #75

Closed AllexVeldman closed 1 week ago

AllexVeldman commented 1 week ago

The scope parameter(s) during token exchange are now included. This means the returned token will have an explicit scope.

It also means we need to re-authenticate if a subsequent request requires a different scope. For example, during publish we first pull the IndexManifest, then push blobs and manifests.

ghcr.io does not care about the scope, just the originally provided token. Azure container registry does care about the scope and as such requires this change.

codecov[bot] commented 1 week ago

Codecov Report

Attention: Patch coverage is 95.87156% with 9 lines in your changes missing coverage. Please review.

Project coverage is 95.05%. Comparing base (2f57488) to head (ff82b48). Report is 1 commits behind head on main.

Files with missing lines	Patch %	Lines
src/service/auth.rs	95.83%	9 Missing :warning:

Additional details and impacted files