core: add missing prefix property to auth backend

[tarilabs]

ref #164 (comment)

[vsoch]

@tarilabs this won't always be https - specifically in testing. I think we'd want to inherit this from the parent that created it, and use the same convention there with insecure as a boolean to determine the prefix (and not hard code http or https). Let me know your thoughts.

[tarilabs]

this line is specifically about the default isn't it,
and is mainly never used because here:

https://github.com/oras-project/oras-py/pull/165/files#diff-ccb407ceff93417721d33c41bf1975c04c98454fd2a36518a7b8572808db03a4R81

is set explicitly.

am I missing something? 🤔

[vsoch]

Yes I think you want to set it based on the insecure parameter:

 self.prefix: str = "http" if insecure else "https"

Which is in the init of the provider.

[tarilabs]

mmm, I've actually mimic-ed on existing code and did that in line 23 of this file.

making the line you quote:

https://github.com/oras-project/oras-py/pull/165/files#diff-fcbd6629a667f0deb29e01bccd3fa21f8790961f48092d8cee24ad00986706a9R22

another (unused) default.

I'm happy to refactor this code differently if that helps, I was just trying to go with the existing "code convention"? :)

[tarilabs]

hope the comment in https://github.com/oras-project/oras-py/pull/165/files#r1805164912 answer the last question, but if that helps, here is the run-down of how keeping the same existing code-style as present today on main, the prefix is set for the auth backed--see below steps with my reasoning out loud, and happy to be corrected!

If you want me to refactor differently, kindly let me know in which way differing from current style; thanks!

[tarilabs]

step 1.

the prefix of provider is set a few lines above:

oras-py/oras/provider.py

Line 69 in 36ef98a

self.prefix: str = "http" if insecure else "https"

and is "pass forward" as suggested to the call of oras.auth.get_auth_backend()

[tarilabs]

step 2.

unless otherwise specified, this function get_auth_backend() parameter prefix defaults to https; but for all usages in oras code, is set from provider's prefix, as we seen in step1.

[tarilabs]

step 3.
the determined backend (either token or basic) get .prefix property set to the value received in step 2

this maintains code-style for .session another property set on determined backend.

[tarilabs]

step 4.

the base AuthBackend by default would have a property prefix valorized to https, but as we just seen in step 3, this is set to the actual prefix value.

[vsoch]

@tarilabs I understand your logic - the question is if a user is ever going to call get_auth_backend outside of the provider. In that case, they could do something like:

get_auth_backend(name="token", session=None, prefix="bananas")

In which case my preference is to better control that, and (although there is redundancy in setting the prefix) you can better control that with:

get_auth_backend(name="token", session=None, insecure=False):
    ...
    self.prefix = "http" if insecure else "https"

My preference is to generally not have open string arguments like that, but instead booleans that control them.

[tarilabs]

thank you for taking the time to explain to me this "gap" @vsoch ; I believe I got it now; let me refactor it 👍

[tarilabs]

Refactored and maintained version update and changelog, so to make a release to support conversations in #164

[vsoch]

This looks good! Thanks @tarilabs!