Handle empty scopes and always send the WWW-Authenticate header, as per spec

Fixes #1045

endpoints/v2/v2auth.py

@@ -9,7 +9,7 @@ from cachetools import lru_cache
 from app import app
 from data import model
 from auth.auth import process_auth
-from auth.jwt_auth import build_context_and_subject
+from auth.registry_jwt_auth import build_context_and_subject
 from auth.auth_context import get_authenticated_user, get_validated_token, get_validated_oauth_token
 from auth.permissions import (ModifyRepositoryPermission, ReadRepositoryPermission,
                               CreateRepositoryPermission)
@@ -49,7 +49,7 @@ def generate_registry_jwt():
   audience_param = request.args.get('service')
   logger.debug('Request audience: %s', audience_param)
 
-  scope_param = request.args.get('scope')
+  scope_param = request.args.get('scope') or ''
   logger.debug('Scope request: %s', scope_param)
 
   user = get_authenticated_user()
@@ -62,7 +62,8 @@ def generate_registry_jwt():
   logger.debug('Authenticated OAuth token: %s', oauthtoken)
 
   access = []
-  if scope_param is not None:
+
+  if len(scope_param) > 0:
     match = SCOPE_REGEX.match(scope_param)
     if match is None:
       logger.debug('Match: %s', match)