I’ve noticed a surprising behaviour from dockerhub’s API. The following request:
$ curl -i -H 'Accept: application/vnd.docker.distribution.manifest.v2+json' 'https://registry-1.docker.io/v2/purestorage/docker-plugin/manifests/3.4'
results in the following header
Www-Authenticate: Bearer realm="https://auth.docker.io/token",service="registry.docker.io",scope="repository:purestorage/docker-plugin:pull"
However, that’s incorrect, the class should’ve been repository(plugin) in that case. If I attempt to make a request to https://auth.docker.io/token passing that scope I’ll get an invalid token. However, if I replace repository with repository(plugin) it works.
Is that expected? Am I reporting that in the right place? Where should I report it?