Specifying signing algorithms for token authentication always results in error #4577

@evanebb

Description

For token authentication, you can specify the allowed signing algorithms:

However, if you do so, the registry will always return the following error, even if the list of signing algorithms is valid:

panic: unable to configure authorization (token): signingalgorithms must be a list of signing algorithms

Reproduce

  1. Move into a new directory, and generate a key/certificate to use for token authentication:
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -nodes -days 365 -subj "/CN=localhost:5000"
  2. Create a basic docker-compose.yml file with the following contents:
services:
  registry:
    image: registry:3.0.0-rc.3
    ports:
      - "5000:5000"
    volumes:
      - ./config.yml:/etc/distribution/config.yml:ro
      - ./cert.pem:/etc/distribution/cert.pem:ro
  3. Create the registry configuration file (config.yml) with the following contents (note the auth.token.signingalgorithms field, containing a valid list of signing algorithms):
version: 0.1
auth:
  token:
    # this is the culprit!
    signingalgorithms: [ RS256 ]
    realm: realm
    service: service
    issuer: issuer
    rootcertbundle: /etc/distribution/cert.pem
storage:
  filesystem:
    rootdirectory: /var/lib/registry
http:
  addr: :5000
  4. Start the registry with docker compose up -d.
  5. Observe the following error in the logs, even though the specified signing algorithms are valid:
panic: unable to configure authorization (token): signingalgorithms must be a list of signing algorithms

Expected behavior

When given a valid list of signing algorithms in the auth.token.signingalgorithms field in the configuration file, the registry should parse them properly without throwing an error.

registry version

3.0.0-rc.3

Additional Info

No response
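
The following Go sketch is an added example, not code from this report or from the registry project. It assumes (the report does not state the cause) that the option reaches validation as the `[]interface{}` a generic decoder produces for a YAML list, which a direct `[]string` assertion rejects; `strictAlgs`, `tolerantAlgs` and the allowlist are hypothetical.

```go
package main

import "fmt"

// Hypothetical allowlist for this example; not the registry's own list.
var allowed = map[string]bool{"RS256": true, "RS384": true, "RS512": true, "ES256": true}
var errNotList = fmt.Errorf("signingalgorithms must be a list of signing algorithms")

// strictAlgs accepts only a literal []string, so a decoded config list fails.
func strictAlgs(opts map[string]interface{}) ([]string, error) {
	if v, ok := opts["signingalgorithms"].([]string); ok {
		return v, nil
	}
	return nil, errNotList
}

// tolerantAlgs also accepts []interface{} whose elements are all strings,
// then rejects any name outside the allowlist (for example "none").
func tolerantAlgs(opts map[string]interface{}) ([]string, error) {
	var out []string
	switch v := opts["signingalgorithms"].(type) {
	case []string:
		out = v
	case []interface{}:
		for _, e := range v {
			s, ok := e.(string)
			if !ok {
				return nil, errNotList
			}
			out = append(out, s)
		}
	default:
		return nil, errNotList
	}
	for _, s := range out {
		if !allowed[s] {
			return nil, fmt.Errorf("unsupported signing algorithm %q", s)
		}
	}
	return out, nil
}

func main() {
	// Constructed input: the shape a generic decoder yields for `[ RS256 ]`.
	opts := map[string]interface{}{"signingalgorithms": []interface{}{"RS256"}}
	fmt.Println(strictAlgs(opts))
	fmt.Println(tolerantAlgs(opts))
}
```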
