Cannot make get request after acquiring Bearer token - 401 error "insufficient scope"

Question

I have the following requests to get a bearer token from the Docker Hub API and then use that token for a GET request to the given endpoint:

#!/usr/bin/env bash

raw_token="$(curl https://auth.docker.io/token?service=registry.docker.io&scope=repository:library/ubuntu:list)";
token="$(node -pe "JSON.parse('$raw_token').token")"
curl -i -H "Authorization: Bearer $token" https://registry-1.docker.io/v2/library/ubuntu/tags/list

If I run that, I get this error:

HTTP/1.1 401 Unauthorized
Content-Type: application/json; charset=utf-8
Docker-Distribution-Api-Version: registry/2.0
Www-Authenticate: Bearer realm="https://auth.docker.io/token",service="registry.docker.io",scope="repository:library/ubuntu:pull",error="insufficient_scope"
Date: Wed, 20 Jun 2018 08:02:24 GMT
Content-Length: 157
Strict-Transport-Security: max-age=31536000

{"errors":[{"code":"UNAUTHORIZED","message":"authentication required","detail":[{"Type":"repository","Class":"","Name":"library/ubuntu","Action":"pull"}]}]}

Does anyone know how I can make the right request, and get the right token?

I filed an issue on Github, out of desperation: https://github.com/docker/distribution/issues/2624 — , Jun 20 '18 at 08:09
Here are the most relevant docs I could find: https://docs.docker.com/registry/spec/auth/token/#how-to-authenticate — , Jun 20 '18 at 08:20

score 0 · Answer 1 · answered Jun 23 '18 at 14:37

0

When you get token, you specify scope=repository:library/ubuntu:list. When you use token, it says you need scope="repository:library/ubuntu:pull".

answered Jun 23 '18 at 14:37

Eugene Primako

2,767
9
26
35

Cannot make get request after acquiring Bearer token - 401 error "insufficient scope"

1 Answers1