You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
All, blocking DockerHub feeds. Impacts release creation and search
Version
All, Latest
Latest Version
I could reproduce the problem in the latest build
What happened?
DockerHub has changed requirements on scopes, this has broken DockerHub feeds when searching and creating releases.
Error message: 401 - Unauthorized. Please check credentials.
Create a DockerHub feed, hit save and test and search for images -> 💥
Add a package to a deployment step using a docker feed. Create a release -> 💥
Reproduction
Create a DockerHub feed, hit save and test and search for images -> 💥
Add a package to a deployment step using a docker feed. Create a release -> 💥
Error and Stacktrace
401 - Unauthorized. Please check credentials.
Underlying error message
Request to Docker registry located at `https://auth.docker.io/token?service=registry.docker.io&scope=registry:catalog:*` failed with BadRequest:Bad Request. {"details":"request scopes must be of the same resource type"}
More Information
DockerHub has made an upstream change on required permission scopes that have impacted authentication. This has broken release creation and search for both V1 and V2 feeds.
For V2 feeds we make a request to DockerHub, if that's UnAuthorized, we'll pull the auth details such as service and scope out of the header, make a token request and re-issue the original request. The scope that's being returned for this request is registry:catalog:* which is also hardcoded for out V1 endpoints. Tokens using this scope are facing permission issues across all endpoints. Updating this from registry:catalog:* to registry:* resolves this issue.
Workaround
NA
The text was updated successfully, but these errors were encountered:
Release Note: Fixes an issue with upstream DockerHub auth where tokens requested with "registry:catalog:" no longer grant access. Updated to use "registry:"
Severity
All, blocking DockerHub feeds. Impacts release creation and search
Version
All, Latest
Latest Version
I could reproduce the problem in the latest build
What happened?
DockerHub has changed requirements on scopes, this has broken DockerHub feeds when searching and creating releases.
Error message:
401 - Unauthorized. Please check credentials.
Reproduction
Error and Stacktrace
More Information
DockerHub has made an upstream change on required permission scopes that have impacted authentication. This has broken release creation and search for both V1 and V2 feeds.
For V2 feeds we make a request to DockerHub, if that's UnAuthorized, we'll pull the auth details such as service and scope out of the header, make a token request and re-issue the original request. The scope that's being returned for this request is registry:catalog:* which is also hardcoded for out V1 endpoints. Tokens using this scope are facing permission issues across all endpoints. Updating this from
registry:catalog:*
toregistry:*
resolves this issue.Workaround
NA
The text was updated successfully, but these errors were encountered: