🐛 Fix credentials when using a helper that returns a token

core/src/main/java/org/testcontainers/utility/RegistryAuthLocator.java

@@ -251,10 +251,16 @@ private AuthConfig runCredentialProvider(String hostName, String helperOrStoreNa
         final JsonNode helperResponse = OBJECT_MAPPER.readTree(data);
         log.debug("Credential helper/store provided auth config for: {}", hostName);
 
-        return new AuthConfig()
-            .withRegistryAddress(helperResponse.at("/ServerURL").asText())
-            .withUsername(helperResponse.at("/Username").asText())
-            .withPassword(helperResponse.at("/Secret").asText());
+        final String username = helperResponse.at("/Username").asText();
+        final String password = helperResponse.at("/Secret").asText();
+        if ("<token>".equals(username)) {
+            return new AuthConfig().withIdentityToken(password);
+        } else {
+            return new AuthConfig()
+                .withRegistryAddress(helperResponse.at("/ServerURL").asText())
+                .withUsername(username)
+                .withPassword(password);
+        }
     }
 
     private String getCredentialProgramName(String credHelper) {

core/src/test/java/org/testcontainers/utility/RegistryAuthLocatorTest.java

@@ -69,6 +69,15 @@ public void lookupAuthConfigUsingHelper() throws URISyntaxException {
         assertEquals("Correct secret is obtained from a credential store", "secret", authConfig.getPassword());
     }
 
+    @Test
+    public void lookupAuthConfigUsingHelperWithToken() throws URISyntaxException {
+        final RegistryAuthLocator authLocator = createTestAuthLocator("config-with-helper-using-token.json");
+
+        final AuthConfig authConfig = authLocator.lookupAuthConfig(new DockerImageName("registrytoken.example.com/org/repo"), new AuthConfig());
+
+        assertEquals("Correct identitytoken is obtained from a credential store", "secret", authConfig.getIdentitytoken());
+    }
+
     @Test
     public void lookupUsingHelperEmptyAuth() throws URISyntaxException {
         final RegistryAuthLocator authLocator = createTestAuthLocator("config-empty-auth-with-helper.json");

core/src/test/resources/auth-config/config-with-helper-using-token.json

@@ -0,0 +1,11 @@
+{
+    "auths": {
+        "registrytoken.example.com": {}
+    },
+    "HttpHeaders": {
+        "User-Agent": "Docker-Client/18.03.0-ce (darwin)"
+    },
+    "credHelpers": {
+        "registrytoken.example.com": "fake"
+    }
+}

core/src/test/resources/auth-config/docker-credential-fake

@@ -15,8 +15,21 @@ if [[ $inputLine == "https://not.a.real.registry/url" ]]; then
     exit 1
 fi
 
-echo '{' \
-     '  "ServerURL": "url",' \
-     '  "Username": "username",' \
-     '  "Secret": "secret"' \
-     '}'
+if [[ $inputLine == "registry.example.com" ]]; then
+    echo '{' \
+        '  "ServerURL": "url",' \
+        '  "Username": "username",' \
+        '  "Secret": "secret"' \
+        '}'
+    exit 0
+fi
+if [[ $inputLine == "registrytoken.example.com" ]]; then
+    echo '{' \
+        '  "ServerURL": "url",' \
+        '  "Username": "<token>",' \
+        '  "Secret": "secret"' \
+        '}'
+    exit 0
+fi
+
+exit 1

core/src/test/resources/auth-config/win/docker-credential-fake.bat

@@ -14,8 +14,21 @@ if "%inputLine%" == "https://not.a.real.registry/url" (
      exit 1
 )
 
-echo {
-echo   "ServerURL": "url",
-echo   "Username": "username",
-echo   "Secret": "secret"
-echo }
+if "%inputLine%" == "registry.example.com" (
+     echo {
+     echo   "ServerURL": "url",
+     echo   "Username": "username",
+     echo   "Secret": "secret"
+     echo }
+     exit 0
+)
+if "%inputLine%" == "registrytoken.example.com" (
+     echo {
+     echo   "ServerURL": "url",
+     echo   "Username": "<token>",
+     echo   "Secret": "secret"
+     echo }
+     exit 0
+)
+
+exit 1