From d2e126c6fced5e88b21cde54b88f718473cdea5c Mon Sep 17 00:00:00 2001
From: Scott Rigby <scott@r6by.com>
Date: Mon, 2 Jun 2025 12:02:33 -0400
Subject: [PATCH] fix: Revert Helm v3 to OAuth2 workflow for OCI

ORAS v1 used POST for auth as part of OAuth workflow
ORAS v2 changed to GET for this
We can use the ForceAttemptOAuth2 setting to revert to prior behavior

This was not well-documented in the docker implementation used by ORAS 1

This is well-documented in the ORAS 2 OCI auth implementation:
https://github.com/opencontainers/wg-auth/blob/main/docs/implementations/ORAS.md?plain=1

Signed-off-by: Scott Rigby <scott@r6by.com>
---
 pkg/registry/client.go | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/pkg/registry/client.go b/pkg/registry/client.go
index 1ed6ab8e7..20b09b411 100644
--- a/pkg/registry/client.go
+++ b/pkg/registry/client.go
@@ -156,6 +156,8 @@ func NewClient(options ...ClientOption) (*Client, error) {
 			authorizer.Cache = auth.NewCache()
 		}
 
+		authorizer.ForceAttemptOAuth2 = true
+
 		client.authorizer = &authorizer
 	}