docker / hub-feedback

Feedback and bug reports for the Docker Hub
https://hub.docker.com

Get Image Tags returns 403 using personal access token. #2171

Closed aldobongio closed 2 years ago

aldobongio commented 2 years ago

Not sure if this relates to #2166. Anyway, starting from today, listing image tags using a token obtained via a personal access token returns a 403.

To replicate:

  1. Log in on hub.docker.com using a regular user and its main password
  2. Profile > Account Settings > Security > New Access Token > Copy the access token

Now open a Linux environment with curl available:

```
TOKEN=$(curl -s -H "Content-Type: application/json" -X POST -d '{"username": "<USERNAME>", "password": "<MAIN_PASSWORD>"}' https://hub.docker.com/v2/users/login/ | jq -r .token )
curl -s -H "Content-Type: application/json" -H "Authorization: JWT ${TOKEN}" -X GET "https://hub.docker.com/v2/repositories/<ORGANIZATION>/<IMAGE_NAME>/tags/?page=1&page_size=10000"
{"count":... }
```

```
TOKEN=$(curl -s -H "Content-Type: application/json" -X POST -d '{"username": "<USERNAME>", "password": "<PERSONAL_ACCESS_TOKEN>"}' https://hub.docker.com/v2/users/login/ | jq -r .token )
curl -s -H "Content-Type: application/json" -H "Authorization: JWT ${TOKEN}" -X GET "https://hub.docker.com/v2/repositories/<ORGANIZATION>/<IMAGE_NAME>/tags/?page=1&page_size=10000"
{"errinfo":{},"message":"access to the resource is forbidden with personal access token"}
```

Until last week, the API invocation using the token obtained from a login with a personal access token worked perfectly. Today it is not working, and this is forcing us to store in our CI/CD environment the master password of the user responsible for reading/writing the Docker Hub registry, like in the pre-access-token era.
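An added example, not part of the original report and not Docker's code: the same login-then-list-tags sequence as a CI helper that keeps the PAT and the JWT out of process arguments and recognises the 403 body quoted above. The variable names `HUB_USER`, `HUB_PAT` and `HUB_REPO`, the function names, the exit codes and the `page_size=100` value are assumptions.

```sh
#!/bin/sh
# Added example. Assumed environment: HUB_USER, HUB_PAT, HUB_REPO ("<org>/<image>").
# All three must be exported so jq can read them through its `env` object.
HUB_API="https://hub.docker.com/v2"

# Map HTTP status ($1) and body ($2) of the tags call to a stable result string.
classify_tags_response() {
  case "$1" in
    200) echo ok ;;
    401) echo unauthenticated ;;
    403) case "$2" in
           *"forbidden with personal access token"*) echo pat_forbidden ;;
           *) echo forbidden ;;
         esac ;;
    *) echo "unexpected_$1" ;;
  esac
}

# Exchange username + PAT for a JWT. The JSON body is built from the
# environment and sent on stdin, so the PAT is never in curl's or jq's argv.
hub_login() {
  jq -cn '{username: env.HUB_USER, password: env.HUB_PAT}' |
    curl -s -H "Content-Type: application/json" --data @- \
      "$HUB_API/users/login/" | jq -r '.token // empty'
}

# List tags. The body is a subshell "( )" so variables and the trap stay local.
hub_list_tags() (
  token=$(hub_login)
  [ -n "$token" ] || { echo "hub: login returned no token" >&2; exit 1; }
  body=$(mktemp); trap 'rm -f "$body"' EXIT
  # The JWT is passed as a header on stdin (-H @-, curl 7.55+), not in argv.
  status=$(printf 'Authorization: JWT %s\n' "$token" |
    curl -s -o "$body" -w '%{http_code}' -H @- \
      "$HUB_API/repositories/$HUB_REPO/tags/?page=1&page_size=100")
  result=$(classify_tags_response "$status" "$(cat "$body")")
  if [ "$result" = ok ]; then cat "$body"; exit 0; fi
  # Distinct exit code for the PAT rejection so the pipeline can flag it
  # instead of silently falling back to another credential.
  echo "hub: tag listing failed: $result" >&2
  [ "$result" = pat_forbidden ] && exit 3
  exit 2
)

# Network calls run only when asked, e.g.: sh hub_tags.sh list
if [ "${1:-}" = list ]; then hub_list_tags; fi
```
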

lpa commented 2 years ago

Exact same problem for all the CI/CD builds of my organization; PAT does not work anymore for the URL provided above.

shawnaxsom commented 2 years ago

Thanks for reporting!

We're able to reproduce on our end and we know a likely cause that would affect that endpoint.

One of the engineers is investigating, and if the hunch is correct, we should have a fix out pretty soon.

technicallyjosh commented 2 years ago

👋🏼 Hey there. 🙏🏼 Thanks for your patience! A fix has been deployed.

lpa commented 2 years ago

Works for me, thank you!