Differing tokens from AWS CLI vs API

Question

When using the AWS CLI command of aws ecr get-login-password --region us-east-1 I get a reasonably sized token to use with my Docker commands. Using the API however generates a much larger token that is invalid and causes a 400 error when attempting to have Docker login.

var ecrClient = new AmazonECRClient(awsAccessKeyId, awsSecretAccessKey, RegionEndpoint.USEast1);
var tokenResponse = await ecrClient.GetAuthorizationTokenAsync(new GetAuthorizationTokenRequest());
var token = tokenResponse.AuthorizationData.Single().AuthorizationToken;

the awsAccessKeyId and awsSecretAccessKey are both identical from the API usage to the CLI usage (when doing aws configure and setting them there). Documentation for the API is a bit sparse, what am I missing (or misunderstanding)?

Answer 1

Turns out that the response from the API is Base64Encoded (it does actually say that in the docs, I just assumed that the token from the CLI was also encoded and that I didn't need to decode it, just pass it along as given).

Decoding it via:

var tokenData = Convert.FromBase64String(tokenResponse.AuthorizationData.Single().AuthorizationToken);
var tokenContent = Encoding.UTF8.GetString(tokenData);

Returns a string in the format of Foo:bar where bar is the token that matches the return from the CLI. So splitting it on the colon then provides you the same information you would via the CLI.