This commit adds support for the OAuth [device-code](https://auth0.com/docs/get-started/authentication-and-authorization-flow/device-authorization-flow)
login flow when authenticating against the official registry.
This is achieved by adding `cli/internal/oauth`, which contains code to manage
interacting with the Docker OAuth tenant (`login.docker.com`), including launching
the device-code flow, refreshing access using the refresh-token, and logging out.
The `OAuthManager` introduced here is also made available through the `command.Cli`
interface method `OAuthManager()`.
In order to maintain compatibility with any clients manually accessing
the credentials through `~/.docker/config.json` or via credential
helpers, the added `OAuthManager` uses the retrieved access token to
automatically generate a PAT with Hub, and store that in the
credentials.
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
(cherry picked from commit fcfdd7b91f)
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
package manager
import (
"fmt"
"runtime"
"strings"
"github.com/docker/cli/cli/config/credentials"
"github.com/docker/cli/cli/version"
)
// Fixed OAuth parameters that NewManager passes into OAuthManagerOptions.
const (
	// tenant is the host name supplied as the Tenant option.
	tenant = "login.docker.com"

	// clientID is the OAuth client identifier supplied as the ClientID option.
	// NOTE(review): a client ID for a device-code flow is normally a public
	// identifier rather than a secret; confirm that no client secret is ever
	// paired with it in this package.
	clientID = "L4v0dmlNBpYUjGGab0C2JtgTgXr1Qz4d"

	// audience is the value supplied as the Audience option.
	// NOTE(review): presumably the resource the issued access token is scoped
	// to; confirm against the token request code.
	audience = "https://hub.docker.com"
)
// NewManager returns the OAuthManager produced by New when it is given the
// package's fixed audience, tenant and client ID, the supplied credential
// store, and a device name derived from the running CLI build.
//
// The device name has the form "docker-cli:<version>:<os>-<arch>", where
// <version> is version.Version with every "." replaced by "_".
// NOTE(review): the device name discloses the CLI version and platform to
// whatever consumes DeviceName; confirm where it is sent and that this
// disclosure is intended.
func NewManager(store credentials.Store) *OAuthManager {
	versionTag := strings.ReplaceAll(version.Version, ".", "_")
	deviceName := fmt.Sprintf("docker-cli:%s:%s-%s", versionTag, runtime.GOOS, runtime.GOARCH)

	return New(OAuthManagerOptions{
		Store:      store,
		Audience:   audience,
		ClientID:   clientID,
		Tenant:     tenant,
		DeviceName: deviceName,
	})
}