Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Token authentication #143

Closed
igoras1993 opened this issue Aug 14, 2020 · 4 comments · Fixed by #167
Closed

Token authentication #143

igoras1993 opened this issue Aug 14, 2020 · 4 comments · Fixed by #167
Assignees
@Joxit
Labels
enhancement
Milestone
2.0.0

Comments

@igoras1993
Copy link

igoras1993 commented Aug 14, 2020
edited
Loading

Is your feature request related to a problem? Please describe.
In Docker registry V2, a preferred way to authenticate is using a Central Auth architecture. This is described here. An authorization protocol is actually simple and straight forward:

  1. Perform ordinary request to docker registry
  2. If getting 401 response code, look for WWW-Authenticate header, extracting realm and scope parameters.
  3. Perform a GET request:
    3.1. Use address given in realm,
    3.2. Send scope along with parameters,
    3.3. Use Basic Authentication to pass username and password
  4. Obtain token from the response
  5. Resend original request to docker registry, but this time place obtained token in Authentication: Bearer <...> header.
  6. If given token authorizes client to a given resource, docker registry will return correct response.

This is a very general and powerful way for doing authentication. It strongly separates registry app from the auth part. Client's responsibility is only to follow protocol and supply username and password in 3.3. step.

Would You mind to implement this kind of protocol in Your UI project?

Describe the solution you'd like
Actually, the simplest algorithm I can imagine will look like this:

  1. Every time experiencing 401 from DR, display a login form for user
  2. Follow step 3. from authentication protocol
  3. Use obtained token in Authentication: Bearer <...> header in future requests.

Describe alternatives you've considered
A more general way involves playing with refresh tokens, which of course is also possible.
@Joxit
Copy link
Owner

Joxit commented Aug 21, 2020

Hello,

Thank you for your feature request :) I'm supporting only basic auth because it was the easiest way.
Token authentication can be interesting, so I try to do something but there will be no guarantee

@Joxit Joxit self-assigned this Jan 24, 2021
@Joxit Joxit mentioned this issue Jan 29, 2021
Merged
@Joxit Joxit added this to the 2.0.0 milestone Mar 11, 2021
@Joxit
Copy link
Owner

Joxit commented Apr 13, 2021

Will be release in 2.0.0 🚀

@nhoudement-pro
Copy link

Hello,
I'm actually trying to use your ui with a private registry configured with token authentication.
To handle token authentication, I'm using docker_auth.
Both registry and docker_auth are running into their respective containers as well as registry-ui and all 3 containers are running on the same host.
Token authentication has been set to allow anonymous users to pull images from the registry (few accounts are allowed to push on the registry).
When I access registry-ui web interface, it receives the authentication challenge from the registry (because I can see the "popup" on the bottom right corner of the web page, but it is not able to display the content of the registry and it doesn't display a popup so that I can input some credentials.
Below, the versions of the components used:
registry : 2.7.0
docker_auth: 1.9.0
registry-ui: 2.1.0

Can you please help me to solve this issue ?

Thank you very much.

@Cronist
Copy link

Cronist commented Apr 2, 2023

I am one of the guys waiting for token auth released for UI too. still pending.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Joxit Joxit

Labels
enhancement
Projects
docker-registry-ui
Status: Done
Milestone
2.0.0
Development

Successfully merging a pull request may close this issue.

feat: token authentication Joxit/docker-registry-ui
4 participants
@Cronist @Joxit @nhoudement-pro @igoras1993