Add an AppSpecificAuthToken data model for app-specific auth tokens. These will be used for the Docker CLI in place of username+password

util/security/registry_jwt.py

@@ -103,7 +103,8 @@ def _generate_jwt_object(audience, subject, context, access, lifetime_s, issuer,
   return jwt.encode(token_data, private_key, ALGORITHM, headers=token_headers)
 
 
-def build_context_and_subject(user=None, token=None, oauthtoken=None, tuf_root=None):
+def build_context_and_subject(user=None, token=None, oauthtoken=None, appspecifictoken=None,
+                              tuf_root=None):
   """ Builds the custom context field for the JWT signed token and returns it,
       along with the subject for the JWT signed token. """
   
@@ -123,6 +124,14 @@ def build_context_and_subject(user=None, token=None, oauthtoken=None, tuf_root=N
     })
     return (context, user.username)
 
+  if appspecifictoken:
+    context.update({
+      'kind': 'app_specific_token',
+      'user': user.username,
+      'ast': appspecifictoken.uuid,
+    })
+    return (context, user.username)
+
   if user:
     context.update({
       'kind': 'user',
@@ -141,5 +150,3 @@ def build_context_and_subject(user=None, token=None, oauthtoken=None, tuf_root=N
     'kind': 'anonymous',
   })
   return (context, ANONYMOUS_SUB)
-
-