Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
ociregistry/ociauth: return 403 instead of 401 after new token acquired
Some registries will return a 401 Unauthorized error, indicating that no valid auth credentials have been provided, even when valid auth credentials _have_ been provided. Although this goes against [the HTTP status code conventions](https://stackoverflow.com/a/6937030), we need to deal with this somehow, because otherwise a client cannot distinguish between a "bad auth credentials error" (meaning that if the user does authenticate, the error might go away) and an "auth credentials not valid for resource error" (meaning that the user is authenticated but cannot access the resource despite that).

The `ociauth` package is in a unique position to be able to make this determination because it is the only place that knows that auth credentials have been freshly acquired, therefore a subsequent 401 error is almost certainly because the privileges were insufficient for the authenticated user rather than because there is no authenticated user.

So, we change `ociauth` to return 403 Forbidden in this case.

Fixes cue-lang/cue#2955

Signed-off-by: Roger Peppe <rogpeppe@gmail.com>
Change-Id: Ie50bb826e266d3b26f06881d41da36f740bc43ab
Dispatch-Trailer: {"type":"trybot","CL":1188182,"patchset":3,"ref":"refs/changes/82/1188182/3","targetBranch":"main"}
1 parent 8bca70d, commit 43c2106
Showing 2 changed files with 98 additions and 2 deletions.
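The status rewrite described in the commit message, as an added Go example that is not the `ociauth` code from this commit: a transport retries a 401 once with a newly acquired token and reports a second 401 as 403. The names `freshTokenTransport`, `acquire` and `statusVia`, the token value and the test registry are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)
// freshTokenTransport: hypothetical wrapper (not ociauth's type), body-less requests only.
type freshTokenTransport struct {
	base    http.RoundTripper
	acquire func() (string, error) // hypothetical token source
}
func (t *freshTokenTransport) RoundTrip(req *http.Request) (*http.Response, error) {
	resp, err := t.base.RoundTrip(req)
	if err != nil || resp.StatusCode != http.StatusUnauthorized {
		return resp, err
	}
	resp.Body.Close()
	tok, err := t.acquire()
	if err != nil {
		return nil, err
	}
	retry := req.Clone(req.Context())
	retry.Header.Set("Authorization", "Bearer "+tok)
	resp, err = t.base.RoundTrip(retry)
	if err == nil && resp.StatusCode == http.StatusUnauthorized {
		// The token is fresh, so report an authorization failure instead.
		resp.StatusCode, resp.Status = http.StatusForbidden, "403 Forbidden"
	}
	return resp, err
}

// statusVia sends one GET to a constructed test registry that returns 401 unless accepts is set.
func statusVia(accepts bool) (int, error) {
	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !accepts || r.Header.Get("Authorization") != "Bearer constructed-token" {
			w.WriteHeader(http.StatusUnauthorized)
		}
	}))
	defer srv.Close()
	acquire := func() (string, error) { return "constructed-token", nil }
	c := &http.Client{Transport: &freshTokenTransport{srv.Client().Transport, acquire}}
	resp, err := c.Get(srv.URL + "/v2/")
	if err != nil {
		return 0, err
	}
	defer resp.Body.Close()
	return resp.StatusCode, nil
}
func main() { fmt.Println(statusVia(true)); fmt.Println(statusVia(false)) }
```

A caller can then treat 401 as "authenticate and try again" and 403 as "authenticated but not permitted", which is the distinction the commit message says was previously lost.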