From 1182981b0dcaaa4f614e6090289bca1b86a73cb2 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Tue, 19 May 2026 02:02:52 +0000
Subject: [PATCH] fix(api): clarify nolint comment and add fallback doc in
 bearer_oidc.go

Agent-Logs-Url: https://github.com/project-zot/zot/sessions/1a321663-3147-46e9-9321-989e5dd0ed3c

Co-authored-by: rchincha <45800463+rchincha@users.noreply.github.com>
---
 pkg/api/bearer_oidc.go | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/pkg/api/bearer_oidc.go b/pkg/api/bearer_oidc.go
index 6d412766..ce7947a3 100644
--- a/pkg/api/bearer_oidc.go
+++ b/pkg/api/bearer_oidc.go
@@ -236,10 +236,12 @@ func getOIDCTokenFromAuthorizationHeader(header string, allowBasicAuth bool) (st
 		}
 
 		pair := strings.SplitN(string(decodedStr), ":", 2) //nolint:mnd
-		if len(pair) != 2 {                                //nolint:mnd
+		if len(pair) != 2 {                                 //nolint:mnd
 			return "", zerr.ErrInvalidBearerToken
 		}
 
+		// Prefer the password field as the token; fall back to the username field
+		// when the password is empty (e.g. "token:" basic-auth encoding).
 		tokenString := pair[1]
 		if tokenString == "" {
 			tokenString = pair[0]