How do I use this API call:
but I can do:
But this doesn't seem to use the Synapse authentication, I can append anything after "service" and get a token:
I have code here that gets the actual bearer token and validates that the docker image exists: https://github.com/Sage-Bionetworks/challengeutils/blob/validate-docker/challengeutils/validate_docker.py.
> How do I use this API call
As stated in the page you linked, "This service is called by the Docker client only and is not for general use." So you would only use it if you are implementing a Docker client. The API that a Docker client can use is defined here: https://docs.docker.com/registry/spec/api/ and the use of the authorization token is described here: https://docs.docker.com/registry/spec/auth/token/
> I can do ... But this doesn't seem to use the Synapse authentication, I can append anything after "service" and get a token
You are exploring the API by trial and error. To use the API please read the specifications linked above (or simply use an existing Docker client, like the Python Docker client).
Ah I see. I do actually already do that in the GitHub linked. I just thought this API call would potentially obtain a bearer token using Synapse login credentials. Currently the workflow orchestrator passes in username and password, but ideally in the future it would pass in username and API key for security purposes. I'm unsure if authentication would work for the Docker client using the Synapse API key.
> I just thought this API call would potentially obtain a bearer token using Synapse login credentials
It does! From https://docs.docker.com/registry/spec/auth/token/:
"From Docker 1.11 the Docker engine supports both Basic Authentication and OAuth2 for getting tokens. Docker 1.10 and before, the registry client in the Docker Engine only supports Basic Authentication."
Synapse supports only Basic Authentication today.
> Currently the workflow orchestrator passes in username and password
Yes, and the Orchestrator uses the user name and password to authenticate Docker bearer token requests. You can see it here: https://github.com/Sage-Bionetworks/SynapseWorkflowOrchestrator/blob/master/src/main/java/org/sagebionetworks/DockerUtils.java#L117
> but ideally in the future it would pass in username and API key for security purposes. I'm unsure if authentication would work for the Docker client using the Synapse API key.
It does not. In the future we should change the Orchestrator to use an OAuth 2.0 access token and we should change the Synapse Docker bearer token API to accept that token to authorize requests to the Synapse Docker registry.
Also, I suggest that you write your code so that it works with any Docker registry, not just the Synapse Docker registry.
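The token flow discussed in this thread, as an added example that is not part of the original posts or of challengeutils: it reads the realm, service and scope from the registry's 401 challenge instead of hard-coding them, requests a token with Basic Authentication, and checks the manifest, so it follows the Docker token specification rather than one registry's URLs. The function names and the `open_url` parameter are illustrative, and the credentials are only sent to an HTTPS realm.

```python
import base64, json, re
import urllib.error, urllib.parse, urllib.request

def parse_bearer_challenge(header):
    """Parse 'Bearer realm="...",service="...",scope="..."' into a dict."""
    scheme, _, rest = header.strip().partition(" ")
    if scheme.lower() != "bearer":
        raise ValueError(f"registry did not offer Bearer token auth: {scheme!r}")
    params = dict(re.findall(r'(\w+)="([^"]*)"', rest))
    if "realm" not in params:
        raise ValueError("challenge carries no realm (token endpoint)")
    return params

def token_request(challenge, username, password):
    """Build the GET to the token endpoint, authenticated with HTTP Basic."""
    if urllib.parse.urlsplit(challenge["realm"]).scheme != "https":
        raise ValueError("refusing to send credentials to a non-HTTPS realm")
    # service and scope are sent back exactly as the registry advertised them
    query = {k: challenge[k] for k in ("service", "scope") if k in challenge}
    url = challenge["realm"] + "?" + urllib.parse.urlencode(query)
    basic = base64.b64encode(f"{username}:{password}".encode()).decode()
    return urllib.request.Request(url, headers={"Authorization": "Basic " + basic})

def image_exists(registry, repo, reference, username, password,
                 open_url=urllib.request.urlopen):
    """True if the manifest for repo:reference exists on a v2 registry."""
    url = f"https://{registry}/v2/{repo}/manifests/{reference}"
    headers = {"Accept": "application/vnd.docker.distribution.manifest.v2+json"}
    try:
        open_url(urllib.request.Request(url, headers=headers, method="HEAD")).close()
        return True  # registry allowed an anonymous pull
    except urllib.error.HTTPError as err:
        if err.code == 404:
            return False
        if err.code != 401:
            raise
        challenge = parse_bearer_challenge(err.headers["WWW-Authenticate"])
    with open_url(token_request(challenge, username, password)) as resp:
        body = json.load(resp)
    # the spec allows the token under either key
    token = body.get("token") or body.get("access_token")
    headers["Authorization"] = "Bearer " + token
    try:
        open_url(urllib.request.Request(url, headers=headers, method="HEAD")).close()
        return True
    except urllib.error.HTTPError as err:
        if err.code == 404:
            return False
        raise
```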
Thanks for the suggestion!