A container registry that uses the AT Protocol for manifest storage and S3 for blob storage.
fix credential helper
+6
-2
+6
-2
cmd/credential-helper/main.go
+6
-2
cmd/credential-helper/main.go
···
541
541
542
542
// validateCredentials checks if the credentials are still valid by making a test request
543
543
func validateCredentials(appViewURL, handle, deviceSecret string) bool {
544
-
// Make a request to /v2/ which requires authentication
544
+
// Call /auth/token to validate device secret and get JWT
545
+
// This is the proper way to validate credentials - /v2/ requires JWT, not Basic Auth
545
546
client := &http.Client{
546
547
Timeout: 5 * time.Second,
547
548
}
548
549
549
-
req, err := http.NewRequest("GET", appViewURL+"/v2/", nil)
550
+
// Build /auth/token URL with minimal scope (just access to /v2/)
551
+
tokenURL := appViewURL + "/auth/token?service=" + appViewURL
552
+
553
+
req, err := http.NewRequest("GET", tokenURL, nil)
550
554
if err != nil {
551
555
return false
552
556
}