/v2/_catalog endpoint not working

[serhatcetinkaya]

Problem description

Hello, I am trying to use /v2/_catalog endpoint to list the repos I have on Docker Hub but it seems like there is a problem with the endpoint. What I am trying to do:

1. Hit https://index.docker.io/v2/_catalog endpoint with curl without any Authorization and I get 401 error with following header:

   ➜  ~ curl https://index.docker.io/v2/_catalog -v
   ...
   < HTTP/1.1 401 Unauthorized
   ...
   Www-Authenticate: Bearer realm="https://auth.docker.io/token",service="registry.docker.io",scope="registry:catalog:*"
   ...

2. Using the info from Www-Authenticate header I create a bearer token with proper scope:

   ➜  ~ curl -s --user $USER:$PASS "https://auth.docker.io/token?service=registry.docker.io&scope=registry:catalog:*"
   {
   "token": "eyJhbGciOiJSUzI1NiIsInR***",
   "access_token": "eyJhbGciOiJSUzI1NiIsInR***",
   "expires_in": 300,
   "issued_at": "2021-04-28T13:05:30.289632369Z"
   }

3. Use bearer token as Authorization and hit the /v2/_catalog endpoint again:

   ➜  ~ curl -H "Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR***" https://index.docker.io/v2/_catalog -v
   ...
   < HTTP/1.1 401 Unauthorized
   ...
   < Www-Authenticate: Bearer realm="https://auth.docker.io/token",service="registry.docker.io",scope="registry:catalog:*",error="insufficient_scope"
   ...

What is the problem / what I expected to see

On step 3 I was expecting a proper response containing a list of repos, instead I got 401 and error saying insufficient_scope even though the token had exactly the same scope as requested.

How to reproduce

Follow the steps 1-3 with proper $USER and $PASS

[serhatcetinkaya]

@nebuk89 @mikeparker Do you guys have any idea about what I might be missing ?

[serhatcetinkaya]

nevermind...