Docker registry API authentication workflow example

Docker registry API authentication workflow example


After spending a fair bit of time experimenting with getting authentication to work in python with the Docker registry API, I finally worked out the workflow.   As a public service I'm posting a non-language specific workflow here.

Getting auth info
https://index.docker.io
send: b'GET /v2/?account=dockerhubuser’ 
header: Authorization: Basic  Y3N0....9ndTNzcw==
 
reply: 'HTTP/1.1 401 Unauthorized'
header: Content-Type: application/json
header: Docker-Distribution-Api-Version: registry/2.0
header: Www-Authenticate: Bearer realm="https://auth.docker.io/token",service="registry.docker.io"
header: Date: Tue, 09 Jun 2020 16:18:07 GMT
header: Content-Length: 87
header: Strict-Transport-Security: max-age=31536000
body:{
‘errors': [{'code': 'UNAUTHORIZED',
             'detail': None,
             'message': 'authentication required'}]
}

Connecting to repository
https://auth.docker.io/
send: b'GET /token?scope=repository%3Alibrary%2Fbusybox%3Apull&service=registry.docker.io&account=dockerhubuser
Authorization: Basic  Y3N0.....9ndTNzcw==
 
reply: 'HTTP/1.1 200 OK'
header: Content-Type: application/json
header: Date: Tue, 09 Jun 2020 16:18:07 GMT
header: Transfer-Encoding: chunked
header: Strict-Transport-Security: max-age=31536000
body: :{
‘access_token': 'eyJ...4epQ',
 'expires_in': 300,
 'issued_at': '2020-06-09T16:18:07.58167979Z',
 'token': 'eyJ...4epQ'
}

Getting TagList
https://index.docker.io
send: b'GET /v2/library/busybox/tags/list?scope=repository%3Alibrary%2Fbusybox%3Apull&service=registry.docker.io&account=dockerhubuser
Authorization: Bearer eyJ...4epQ 
reply: 'HTTP/1.1 200 OK'
header: Content-Type: application/json
header: Docker-Distribution-Api-Version: registry/2.0
header: Date: Tue, 09 Jun 2020 16:18:07 GMT
header: Content-Length: 1806
header: Strict-Transport-Security: max-age=31536000
body:{
‘name': 'library/busybox',
 'tags': ['1-glibc',
              :
          'uclibc']
}

No comments: