Commit 0e1bd373 authored by Daniel P. Berrange's avatar Daniel P. Berrange

docker: implement support for oauth

Latest docker v2 registry uses OAuth for creating tokens,
identified by the "Bearer" method in the 'WWW-Authenticate'
header. Add a DockerAuthBearer impl to deal with this.
Signed-off-by: 's avatarDaniel P. Berrange <>
parent f792ea00
......@@ -153,6 +153,55 @@ class DockerAuthToken(DockerAuth):
return False
class DockerAuthBearer(DockerAuth):
def __init__(self):
self.token = None
def prepare_req(self, req):
if self.token is not None:
req.add_header("Authorization", "Bearer %s" % self.token)
def process_res(self, res):
def process_err(self, err):
method = err.headers.get("WWW-Authenticate", None)
if method is None:
return False
if not method.startswith("Bearer "):
return False
challenge = method[7:]
bits = challenge.split(",")
attrs = {}
for bit in bits:
subbit = bit.split("=")
attrs[subbit[0]] = subbit[1][1:-1]
url = attrs["realm"]
del attrs["realm"]
if "error" in attrs:
del attrs["error"]
params = "&".join([
"%s=%s" % (attr, attrs[attr])
for attr in attrs.keys()
if params != "":
url = url + "?" + params
req = urllib2.Request(url=url)
req.add_header("Accept", "application/json")
res = urllib2.urlopen(req)
data = json.loads(
self.token = data["token"]
return True
class DockerRegistry():
def __init__(self, uri_base):
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment