fix: do not set empty token so anon works for public ecr

CHANGELOG.md

@@ -15,7 +15,8 @@ The versions coincide with releases on pip. Only major versions will be released
 
 ## [0.0.x](https://github.com/oras-project/oras-py/tree/main) (0.0.x)
  - check for blob existence before uploading (0.2.26)
-    - fix get_tags for ECR when limit is None, closes issue [173](https://github.com/oras-project/oras-py/issues/173)
+   - fix get_tags for ECR when limit is None, closes issue [173](https://github.com/oras-project/oras-py/issues/173)
+   - fix empty token for anon tokens to work, closes issue [167](https://github.com/oras-project/oras-py/issues/167)
  - retry on 500 (0.2.25)
  - align provider config_path type annotations (0.2.24)
  - add missing prefix property to auth backend (0.2.23)

oras/provider.py

@@ -983,7 +983,11 @@ def do_request(
         :type stream: bool
         """
         # Make the request and return to calling function, but attempt to use auth token if previously obtained
-        if headers is not None and isinstance(self.auth, oras.auth.TokenAuth):
+        if (
+            headers is not None
+            and isinstance(self.auth, oras.auth.TokenAuth)
+            and self.auth.token is not None
+        ):
             headers.update(self.auth.get_auth_header())
         response = self.session.request(
             method,