I wanted to use access token to do push/pull docker images. I read the information on https://docs.docker.com/registry/spec/auth/jwt/
I am getting “requested access to the resource is denied” error when I use the generated token to push/pull image to my private repository. I’m hoping someone here had resolved this issue before and can help me out.
I use my docker’s username and password to generate an access token with this script.
reponame=“userlogin/private-repo”
actions=“push,pull”
headers="Authorization: Basic (echo -n "{username}:{password}" | base64)"
response=(curl -s -H “$headers” “https://auth.docker.io/token?service=registry.docker.io&scope=repository:$reponame:$actions”)
echo $response | jq ‘.token’ | xargs echo
I put the generated token in ~/.docker/config.json
cat ~/.docker/config.json
{
"HttpHeaders": {
"Authorization": "Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6 ...",
"User-Agent": "Docker-Client/19.03.1 (linux)"
}
}
docker pull userlogin/private-repo:tag1
Error response from daemon: pull access denied for userlogin/private-repo, repository does not exist or may require ‘docker login’: denied: requested access to the resource is denied
I put the token through the jwt decoder and the payload section looks like this
{
“access”: [
{
“type”: “repository”,
“name”: “userlogin/private-repo”,
“actions”: [
“push”,
“pull”
]
}
],
“aud”: “registry-docker-io”,
“exp”: 1568139741,
“iat”: 1568139441,
“iss”: “auth-docker-io”,
“jti”: “lx9zfVptM9eLhjgnEjih”,
“nbf”: 1568139141,
“sub”: “557269cb-00f6-4e0e-b02b-581994894914”
}
I was able to push/pull the image to my private repo with “docker login” credential.