HOMEBREW_DOCKER_REGISTRY_TOKEN usage #5171
-
Output of
|
Beta Was this translation helpful? Give feedback.
Replies: 2 comments 2 replies
-
Looks like it's not documented, but it is for Feel free to submit a PR to the |
Beta Was this translation helpful? Give feedback.
-
How Bearer tokens are encoded is not actually defined, at least on OAuth level. OAuth RFC6750 §2.1 doesn't actually mention it needs to be Base64 encoded and the example
This was later changed to be "token68" in the final RFC7235 but this was too late for the OAuth spec which had already been finalised. So in short: it doesn't have to be base64 - it totally depends on the authentication your registry requires and you need to consult the documentation for that service. Homebrew actually cheats a bit here. The flow you're supposed to do is:
Homebrew never does the initial request. GitHub Container Registry internally uses your password (the access token), base64 encodes it and uses it as the token returned back. This is purely an implementation quirk, but it probably won't change so is unlikely to break. But non-GitHub registries may vary. A big use of |
Beta Was this translation helpful? Give feedback.
HOMEBREW_DOCKER_REGISTRY_TOKEN
is basically just a straight passthrough toAuthorization: Bearer $HOMEBREW_DOCKER_REGISTRY_TOKEN
.How Bearer tokens are encoded is not actually defined, at least on OAuth level. OAuth RFC6750 §2.1 doesn't actually mention it needs to be Base64 encoded and the example
mF_9.B5f-4.1JqM
doesn't decode to anything meaningful in base64. It makes uses ofb64token
in its syntax but that's because it's borrowed from a HTTP/1.1 draft that had the same name but clarifies it to have the description: