Web application determines auth provider by www-authenticate header of given registry host (can be basic auth, token auth or empty) Credentials are base64 encoded and encrypted by app secret using ...