use first gar registry if needed (#4383)

api/server/handlers/registry/get_token.go

@@ -333,6 +333,27 @@ func (c *RegistryGetGARTokenHandler) ServeHTTP(w http.ResponseWriter, r *http.Re
 		}
 	}
 
+	if token == "" && len(regs) > 0 {
+		_reg := registry.Registry(*regs[0])
+
+		oauthTok, err := _reg.GetGARToken(ctx, c.Repo())
+		if err != nil {
+			// if the oauth token is not nil, we still return the token but log an error
+			if oauthTok == nil {
+				e := telemetry.Error(ctx, span, err, "error getting gar token")
+				c.HandleAPIError(w, r, apierrors.NewErrPassThroughToClient(e, http.StatusInternalServerError))
+				return
+			}
+			e := telemetry.Error(ctx, span, err, "error getting gar token, but token was returned")
+			c.HandleAPIErrorNoWrite(w, r, apierrors.NewErrInternal(e))
+		}
+
+		if oauthTok != nil {
+			token = oauthTok.AccessToken
+			expiresAt = oauthTok.Expiry
+		}
+	}
+
 	resp := &types.GetRegistryTokenResponse{
 		Token:     token,
 		ExpiresAt: expiresAt,