From 4cfbf74f46ab49cad0b97a7762a2be8290ff296a Mon Sep 17 00:00:00 2001
From: Silvio Giebl
Date: Tue, 23 Jul 2024 11:10:08 +0200
Subject: [PATCH] Remove validation of auth scopes in OciRegistryApi to support GitHub package registry
---
 .../gradle/oci/internal/registry/OciRegistryApi.kt | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/main/kotlin/io/github/sgtsilvio/gradle/oci/internal/registry/OciRegistryApi.kt b/src/main/kotlin/io/github/sgtsilvio/gradle/oci/internal/registry/OciRegistryApi.kt
index 3962bda1..e1a69108 100644
--- a/src/main/kotlin/io/github/sgtsilvio/gradle/oci/internal/registry/OciRegistryApi.kt
+++ b/src/main/kotlin/io/github/sgtsilvio/gradle/oci/internal/registry/OciRegistryApi.kt
@@ -557,11 +557,11 @@ internal class OciRegistryApi(httpClient: HttpClient) {
 val service = bearerParams["service"] ?: throw IllegalArgumentException("bearer authorization header is missing 'service'")
 val scope = bearerParams["scope"] ?: throw IllegalArgumentException("bearer authorization header is missing 'scope'")
 val scopesFromResponse = scope.split(' ').mapTo(HashSet()) { it.decodeToResourceScope() }
- if (scopesFromResponse != scopes) {
- throw IllegalStateException("scopes do not match, required: $scopes, from bearer authorization header: $scopesFromResponse")
- }
+// if (scopesFromResponse != scopes) { // TODO GitHub container registry always returns pull as action (no pull,push) and returns "user/image" as repository when sending basic auth in first request, log a warning instead?
+// throw IllegalStateException("scopes do not match, required: $scopes, from bearer authorization header: $scopesFromResponse")
+// }
 return tokenCache.getMono(TokenCacheKey(registryUrl, scopes, credentials?.hashed())) { key ->
- val scopeParams = key.scopes.joinToString("&scope=", "scope=") { it.encodeToString() }
+ val scopeParams = scopesFromResponse.joinToString("&scope=", "scope=") { it.encodeToString() }
 httpClient.headers { headers ->
 if (credentials != null) {
 headers[HttpHeaderNames.AUTHORIZATION] = credentials.encodeBasicAuthorization()
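Review bot: With the equality check commented out, the `scope` value from the registry's bearer challenge flows unvalidated into the token request (`scopesFromResponse.joinToString(...)`), while the token is still cached under `TokenCacheKey(registryUrl, scopes, credentials?.hashed())`. A token issued for whatever the challenge named (pull only on GitHub, or a different repository or wider actions from a misconfigured registry) is therefore stored and reused as if it covered the caller's `scopes`, and it is minted with the user's credentials. Rather than leaving the old check as commented-out code, keep a bounded one: reject response scopes whose actions are not contained in the requested ones, and for the repository-name difference the TODO describes at least surface it, e.g. `if (scopesFromResponse != scopes) logger.warn("scopes do not match, required: $scopes, from bearer authorization header: $scopesFromResponse")` using whatever logger the class already has. The enclosing function starts and ends outside this hunk, so whether `key` is still used and how a narrower cached token is handled on a later push cannot be confirmed from here.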