Authentication with an identitytoken in config.json isn't used correctly

[jwhite-sds]

Expected Behaviour
The ImageClient.pull() is successful.

Actual Behaviour
Receive an unauthorized error

Testcontainer Logs

testcontainers [ERROR] Failed to pull image "XXX.azurecr.io/image": Error: (HTTP code 500) server error - Head "https://XXX.azurecr.io/v2/repo/manifests/tag": unauthorized: {"errors":[{"code":"UNAUTHORIZED"}]} 

Steps to Reproduce

Have a .docker/config.json that looks like the following:

{
        "auths": {
                "XXXX.azurecr.io": {
                        "auth": "MDAwMDAwMDAtMDAwMC0wMDAwLTAwMDAtMDAwMDAwMDAwMDAwOg==",
                        "identitytoken": "<TOKEN>"
                }
        }
}

Try to pull an image.

Environment Information

• Operating System: Ubuntu 22.04 in WSL
• Docker Version: 28.5.2
• Node version: 22.19.0
• Testcontainers version: 11.9.0

Looks to be a continuation of #1179, I know that a credential store is the way to go, but azure pipelines doesn't seem to use one...

I can fix this with the following patch:

diff --git a/build/container-runtime/auth/auths.js b/build/container-runtime/auth/auths.js
index 0885ca4902e3a1faa8424cdc76ae714cb07a8f32..2ec31502038e7348447b06112db7ba9ffad616c4 100644
--- a/build/container-runtime/auth/auths.js
+++ b/build/container-runtime/auth/auths.js
@@ -15,7 +15,9 @@ class Auths {
         if (auth.email) {
             authConfig.email = auth.email;
         }
-        if (auth.auth) {
+        if (auth.identitytoken) {
+            authConfig.identitytoken = auth.identitytoken;
+        } else if (auth.auth) {
             const decodedAuth = Buffer.from(auth.auth, "base64").toString();
             const [username, ...passwordParts] = decodedAuth.split(":");
             const password = passwordParts.join(":");

Happy to put together a slightly tidier PR tomorrow.

[cristianrgreco]

PR is very welcome, thanks!