auth: revert to old /users/login endpoint for issuing tokens (#110)

nicks · web-flow · commit 50e5f50ae880 · 2025-08-05T10:36:41.000-04:00
fixes #108 the new endpoint has some additional restrictions that we weren't aware of. we're still tracking down what those restrictions are and what we should recommend users do instead. for now, just revert to the old route, so we have time to write appropriate docs on how to migrate. Signed-off-by: Nick Santos <nick.santos@docker.com>
diff --git a/internal/auth/token.go b/internal/auth/token.go
@@ -62,19 +62,19 @@ func (p *LoginTokenProvider) EnsureToken(ctx context.Context) (string, error) {
 
 	// Request new token
 	auth := struct {
-		Identifier string `json:"identifier"`
-		Secret     string `json:"secret"`
+		Username string `json:"username"`
+		Password string `json:"password"`
 	}{
-		Identifier: p.username,
-		Secret:     p.password,
+		Username: p.username,
+		Password: p.password,
 	}
 
 	authJSON, err := json.Marshal(auth)
 	if err != nil {
 		return "", fmt.Errorf("marshal auth: %v", err)
 	}
 
-	req, err := http.NewRequestWithContext(ctx, "POST", fmt.Sprintf("%s/auth/token", p.baseURL), bytes.NewBuffer(authJSON))
+	req, err := http.NewRequestWithContext(ctx, "POST", fmt.Sprintf("%s/users/login", p.baseURL), bytes.NewBuffer(authJSON))
 	if err != nil {
 		return "", err
 	}
@@ -91,14 +91,14 @@ func (p *LoginTokenProvider) EnsureToken(ctx context.Context) (string, error) {
 	}
 
 	var tokenResponse struct {
-		AccessToken string `json:"access_token"`
+		Token string `json:"token"`
 	}
 	if err := json.NewDecoder(res.Body).Decode(&tokenResponse); err != nil {
 		return "", fmt.Errorf("decode token response: %v", err)
 	}
 
 	// Parse token expiry
-	claims, err := getClaims(tokenResponse.AccessToken)
+	claims, err := getClaims(tokenResponse.Token)
 	if err != nil {
 		return "", fmt.Errorf("parse token claims: %v", err)
 	}
@@ -107,7 +107,7 @@ func (p *LoginTokenProvider) EnsureToken(ctx context.Context) (string, error) {
 	}
 
 	// Cache the token
-	p.token = tokenResponse.AccessToken
+	p.token = tokenResponse.Token
 	p.tokenExpiry = claims.Expiry.Time()
 
 	return p.token, nil

Original file line number	Diff line number	Diff line change
`@@ -62,19 +62,19 @@ func (p *LoginTokenProvider) EnsureToken(ctx context.Context) (string, error) {`
`62`	`62`
`63`	`63`	`// Request new token`
`64`	`64`	`auth := struct {`
`65`		- Identifier string `json:"identifier"`
`66`		- Secret string `json:"secret"`
	`65`	+ Username string `json:"username"`
	`66`	+ Password string `json:"password"`
`67`	`67`	`}{`
`68`		`- Identifier: p.username,`
`69`		`- Secret: p.password,`
	`68`	`+ Username: p.username,`
	`69`	`+ Password: p.password,`
`70`	`70`	`}`
`71`	`71`
`72`	`72`	`authJSON, err := json.Marshal(auth)`
`73`	`73`	`if err != nil {`
`74`	`74`	`return "", fmt.Errorf("marshal auth: %v", err)`
`75`	`75`	`}`
`76`	`76`
`77`		`- req, err := http.NewRequestWithContext(ctx, "POST", fmt.Sprintf("%s/auth/token", p.baseURL), bytes.NewBuffer(authJSON))`
	`77`	`+ req, err := http.NewRequestWithContext(ctx, "POST", fmt.Sprintf("%s/users/login", p.baseURL), bytes.NewBuffer(authJSON))`
`78`	`78`	`if err != nil {`
`79`	`79`	`return "", err`
`80`	`80`	`}`
`@@ -91,14 +91,14 @@ func (p *LoginTokenProvider) EnsureToken(ctx context.Context) (string, error) {`
`91`	`91`	`}`
`92`	`92`
`93`	`93`	`var tokenResponse struct {`
`94`		- AccessToken string `json:"access_token"`
	`94`	+ Token string `json:"token"`
`95`	`95`	`}`
`96`	`96`	`if err := json.NewDecoder(res.Body).Decode(&tokenResponse); err != nil {`
`97`	`97`	`return "", fmt.Errorf("decode token response: %v", err)`
`98`	`98`	`}`
`99`	`99`
`100`	`100`	`// Parse token expiry`
`101`		`- claims, err := getClaims(tokenResponse.AccessToken)`
	`101`	`+ claims, err := getClaims(tokenResponse.Token)`
`102`	`102`	`if err != nil {`
`103`	`103`	`return "", fmt.Errorf("parse token claims: %v", err)`
`104`	`104`	`}`
`@@ -107,7 +107,7 @@ func (p *LoginTokenProvider) EnsureToken(ctx context.Context) (string, error) {`
`107`	`107`	`}`
`108`	`108`
`109`	`109`	`// Cache the token`
`110`		`- p.token = tokenResponse.AccessToken`
	`110`	`+ p.token = tokenResponse.Token`
`111`	`111`	`p.tokenExpiry = claims.Expiry.Time()`
`112`	`112`
`113`	`113`	`return p.token, nil`