problems with bearer authentication

[nyabla]

edit: it was issues on my end with the JWT

versions I tried on: 1.4.3 and 2.0.0-rc7

my config file: config.json

background: i am trying to run an instance of zot with authentication handled by authentik. i have a sort of proxy in front of the token endpoint of authentik in order to translate the GET token request into a POST request. The clients I tried (docker cli and podman) are both able to obtain a valid token from this endpoint.

problem: zot gives a 500 Internal Server Error response upon receiving a request with a (valid) bearer token ONLY when the service key under bearer is non-empty. if the service key has an empty string ("") then podman/skopeo get confused.

what i tried: making sure that the value of the aud key in the jwt matches the value of service, similarly to the auth.docker.io endpoint.

[rchincha]

@nyabla #2096
^ can you also attach the logs to triage this quicker?

[nyabla]

access claim was missing in jwt. now i'm having different issues but we persevere