Get Image Tags returns 403 using personal access token

[aldobongio]

Hello, today we are experiencing exactly the same issue as #2171. The only difference is in the errinfo detail.

Starting from today listing image tags using a token obtained via personal access token returns a 403.

To replicate:

1. Login on hub.docker.com using a regular user and its main password
2. Profile > Account Settings > Security > New Access Token > Copy the access token

Now open a Linux environment with curl available:

TOKEN=$(curl -s -H "Content-Type: application/json" -X POST -d '{"username": "<USERNAME>", "password": "<MAIN_PASSWORD>"}' https://hub.docker.com/v2/users/login/ | jq -r .token )
curl -s -H "Content-Type: application/json" -H "Authorization: JWT ${TOKEN}" -X GET "https://hub.docker.com/v2/repositories/<ORGANIZATION>/<IMAGE_NAME>/tags/?page=1&page_size=10000"
{"count":... }

TOKEN=$(curl -s -H "Content-Type: application/json" -X POST -d '{"username": "<USERNAME>", "password": "<PERSONAL_ACCESS_TOKEN>"}' https://hub.docker.com/v2/users/login/ | jq -r .token )
curl -s -H "Content-Type: application/json" -H "Authorization: JWT ${TOKEN}" -X GET "https://hub.docker.com/v2/repositories/<ORGANIZATION>/<IMAGE_NAME>/tags/?page=1&page_size=10000"
{"errinfo":{"detail":"","http_status":403,"method":"GET","url":"https://accounts-api.s.us-east-1.aws.dckr.io/v2/user/"},"message":"GET https://accounts-api.s.us-east-1.aws.dckr.io/v2/user/ returned 403 : "}

Until the last week the API invocation using the token obtained from a login with a personal access token worked perfectly. Today is not working. And is forcing us to store in our CI/CD environment the master password of the user responsible of reading/writing the Docker Hub registry, like in the pre-access-token era.

[chlins]

+1

[milosgajdos]

Hi, apologies for this. We are working on the fix. We will update you asap.

[zappy-shu]

Apologies for the wait. This should now be fixed

[aldobongio]

It works, thanks!