
I'm trying to get all OSS licenses supported by Bintray, but it seems like the API has been modified and the documentation has not.

If you read the OSS license section: https://bintray.com/docs/api/#_get_oss_licenses

"Returns a list of all the OSS licenses. This resource can be consumed by both authenticated and anonymous clients."

However, if I try to GET the licenses, as anonymous, Bintray returns 401 (Unauthorized):

curl -vvv https://api.bintray.com/licenses/oss_licenses
* Trying 75.126.208.206...
* TCP_NODELAY set
* Connected to api.bintray.com (75.126.208.206) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* NPN, negotiated HTTP1.1
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Next protocol (67):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server did not agree to a protocol
* Server certificate:
*  subject: CN=*.bintray.com
*  start date: Sep 15 00:00:00 2018 GMT
*  expire date: Nov  9 12:00:00 2019 GMT
*  subjectAltName: host "api.bintray.com" matched cert's "*.bintray.com"
*  issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=GeoTrust RSA CA 2018
*  SSL certificate verify ok.
> GET /licenses/oss_licenses HTTP/1.1
> Host: api.bintray.com
> User-Agent: curl/7.64.0
> Accept: */*
>
< HTTP/1.1 401 Unauthorized
< Server: nginx
< Date: Tue, 26 Mar 2019 19:28:56 GMT
< Content-Type: application/json
< Content-Length: 51
< Connection: keep-alive
< WWW-Authenticate: Basic realm="Bintray API Realm"
<
* Connection #0 to host api.bintray.com left intact
{"message":"This resource requires authentication"}

I think authentication should not be required, since I'm not changing anything. Is it a bug, or is the documentation outdated?

Regards!

uilianries
  • Did you try to reach Bintray's support? I'm sure they can help. – Royg Mar 26 '19 at 20:38
  • I sent an email to support@jfrog.com, but a bot answered me: "Thank you for contacting JFrog Support. Our records do not list you as an active JFrog user. SLA-based support services or access to the support portal, along with bug fixes, maintenance, and upgrades, are ONLY provided to JFrog users with active subscriptions." If I access the support page (https://jfrog.com/support), there are only 3 options, Customer Ticket Portal (I'm not a customer), Knowledge Base (It didn't help) and Open Source User Forum (StackOverflow). – uilianries Mar 26 '19 at 21:42

1 Answer


As you also mentioned, this REST API can be run both with an authenticated user and anonymously. It looks like there was a bug around that (documented internally in JFrog's JIRA as JBT-2948).

You should be able to run this as anonymous now (see the screenshot below).

[Screenshot: Fetching OSS licenses using anonymous]

Yonatan Brand