The server will now construct a JSON Web Token to sign and return. It is this intersected set of access which is placed in the returned token.
If the client has no access to the repository then the The granted access set was found only to be then the intersected set Intersected with the requested access yields an equal set. Responsibility of the token server to indicate authorization errors as part ofĬontinuing with the example request, the token server will find that theĬlient’s set of granted access to the repository is which when Requested access it must not be considered an error as it is not the The set of requested actions on each resource and the set of actions that theĬlient has in fact been granted. Resources requested in the scope parameter, it will take the intersection of Once the token server has determined what access the client has to the
Server will determine what access I have to the repository samalba/my-app This example request, if I have authenticated as user jlhawn, the token No attempt was made to authenticate), the token server must next query itsĪccess control list to determine whether the client has the requested scope.
(such as pulling from a public repository).Īfter authenticating the client (which may simply be an anonymous client if Some requests may require authentication to determineĪccess (such as pushing or pulling a private repository) while others may not Whether the token server requires authentication is up to the policy of thatĪccess control provider. The token server should return a 401 Unauthorized response indicating that If an attempt to authenticate to the token server fails, Registry client in the Docker Engine only supports Basic Authentication to The token server should first attempt to authenticate the client using anyĪuthentication credentials provided with the request.
0 kommentar(er)
