From 15d62d35f9a3af0727679ee065e30b56a72cfba8 Mon Sep 17 00:00:00 2001
From: Nate Faerber <natefaerber@gmail.com>
Date: Thu, 5 Dec 2024 18:55:49 -0800
Subject: [PATCH] fix: do not set empty token so anon works for public ecr

Signed-off-by: Nate Faerber <natefaerber@gmail.com>
---
 CHANGELOG.md     | 1 +
 oras/provider.py | 6 +++++-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index e137316..3bf6c06 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -15,6 +15,7 @@ The versions coincide with releases on pip. Only major versions will be released
 
 ## [0.0.x](https://github.com/oras-project/oras-py/tree/main) (0.0.x)
  - check for blob existence before uploading (0.2.26)
+   - fix empty token for anon tokens to work, closes issue [167](https://github.com/oras-project/oras-py/issues/167)
  - retry on 500 (0.2.25)
  - align provider config_path type annotations (0.2.24)
  - add missing prefix property to auth backend (0.2.23)
diff --git a/oras/provider.py b/oras/provider.py
index 8caa588..d849c6e 100644
--- a/oras/provider.py
+++ b/oras/provider.py
@@ -983,7 +983,11 @@ def do_request(
         :type stream: bool
         """
         # Make the request and return to calling function, but attempt to use auth token if previously obtained
-        if headers is not None and isinstance(self.auth, oras.auth.TokenAuth):
+        if (
+            headers is not None
+            and isinstance(self.auth, oras.auth.TokenAuth)
+            and self.auth.token is not None
+        ):
             headers.update(self.auth.get_auth_header())
         response = self.session.request(
             method,