Container Support

The server will maintain a record of authorized users within different scopes. A client will need to log in (send an HTTP GET request) with credentials provided in a request header in order to process further with a requested operation.

For example, a user/docker daemon will be able to execute the following command to accomplish an authentication and generate a secure token:

curl -Lv -u <username>:<password> "https://sso.redhat.com/auth/realms/rhcc/protocol/redhat-docker-v2/auth?service=docker-registry&client_id=curl&scope=repository:rhel:pull"

The fields "<username>" and "<password>" will be managed by the token server. For now, the token server is neither a separate process nor application. Access to different scopes and different type of actions will be granted based on the result of an authentication.