Skip to content

Commit

Permalink
Remove potentially expired tokens.
Browse files Browse the repository at this point in the history 
Some registries (notably Quay) issue tokens that expire without providing an `expires in` value in the authorization payload. Therefore, if a token produces a 401, we should remove it and re-fetch.

Signed-off-by: Corey Larson <corey@earthly.dev>
  • Loading branch information
@dchw
dchw committed Apr 21, 2021
1 parent d3e0a6f commit 9b7a5fc
Showing 1 changed file with 5 additions and 0 deletions.
5 changes: 5 additions & 0 deletions util/resolver/authorizer.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -400,6 +400,11 @@ func (ah *authHandler) fetchToken(ctx context.Context, sm *session.Manager, g se
}

func invalidAuthorization(c auth.Challenge, responses []*http.Response) error {
lastResponse := responses[len(responses)-1]
if lastResponse.StatusCode == http.StatusUnauthorized {
return errors.Wrapf(docker.ErrInvalidAuthorization, "authorization status: %v", lastResponse.StatusCode)
}

errStr := c.Parameters["error"]
if errStr == "" {
return nil
Expand Down

0 comments on commit 9b7a5fc

Please sign in to comment.