Registry V2 Catalog

rquackenbush · January 29, 2018, 1:15pm

I’m attempting to get the catalog from the public V2 repository API at with:

curl -v https://registry-1.docker.io/v2/_catalog

I get the expected challenge back in the following header:

Www-Authenticate: Bearer realm="https://auth.docker.io/token",service="registry.docker.io",scope="registry:catalog:*"

I now obtain on OAuth token:

curl -v "https://auth.docker.io/token?service=registry.docker.io&scope=registry:catalog:*"

{"token":"eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsIng1YyI6WyJNSUlDTHpDQ0FkU2dBd0lCQWdJQkFEQUtCZ2dxaGtqT1BRUURBakJHTVVRd1FnWURWUVFERXp0Uk5Gb3pPa2RYTjBrNldGUlFSRHBJVFRSUk9rOVVWRmc2TmtGRlF6cFNUVE5ET2tGU01rTTZUMFkzTnpwQ1ZrVkJPa2xHUlVrNlExazFTekFlRncweE56QTFNREl5TWpBME5UZGFGdzB4T0RBMU1ESXlNakEwTlRkYU1FWXhSREJDQmdOVkJBTVRPMDFPTms0NlJraFVWenBKV0VWSE9rOUpOMUU2UVRWWFJqcFpSRVUwT2pkRE4wNDZSMWRKVVRvMVZ6STNPa2hPTlVvNlZVNURRVG95U0UxQ01Ga3dFd1lIS29aSXpqMENBUVlJS29aSXpqMERBUWNEUWdBRU5KRklhQ1hHNWYxSk9BZnZSaTJDU081K1Q5RVpKd2doai9SUXgzNW9Uc3Q4RnhXY0dRc3ZOMG5sdW5DVVdIbENxN2I4NFJRTXV0WUVIUnY4MVhweTU2T0JzakNCcnpBT0JnTlZIUThCQWY4RUJBTUNCNEF3RHdZRFZSMGxCQWd3QmdZRVZSMGxBREJFQmdOVkhRNEVQUVE3VFU0MlRqcEdTRlJYT2tsWVJVYzZUMGszVVRwQk5WZEdPbGxFUlRRNk4wTTNUanBIVjBsUk9qVlhNamM2U0U0MVNqcFZUa05CT2pKSVRVSXdSZ1lEVlIwakJEOHdQWUE3VVRSYU16cEhWemRKT2xoVVVFUTZTRTAwVVRwUFZGUllPalpCUlVNNlVrMHpRenBCVWpKRE9rOUdOemM2UWxaRlFUcEpSa1ZKT2tOWk5Vc3dDZ1lJS29aSXpqMEVBd0lEU1FBd1JnSWhBSTJVUlpMQVRTM3R4bjNpNTY0SXVQSFEwQU1Mb1g5cTZCMmdnN01KSHJuTkFpRUE0Q3lzbmtENHhjQm42amdobVdnQzczQjdGVkszenFnOTV4ZjNRK2xGVHlrPSJdfQ.eyJhY2Nlc3MiOltdLCJhdWQiOiJyZWdpc3RyeS5kb2NrZXIuaW8iLCJleHAiOjE1MTcyMzE3OTgsImlhdCI6MTUxNzIzMTQ5OCwiaXNzIjoiYXV0aC5kb2NrZXIuaW8iLCJqdGkiOiJFLTRJYTU2cnloVlhQbEktMzM0SCIsIm5iZiI6MTUxNzIzMTE5OCwic3ViIjoiIn0.eOoiVWUdfIvasBQOf--GNb-mxC0EwfKXZlxUhonbVMPYQMPGE2Z4FI0q1zjfuIII4_uBTtBWYTUYNM5LaF7apw","access_token":"eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsIng1YyI6WyJNSUlDTHpDQ0FkU2dBd0lCQWdJQkFEQUtCZ2dxaGtqT1BRUURBakJHTVVRd1FnWURWUVFERXp0Uk5Gb3pPa2RYTjBrNldGUlFSRHBJVFRSUk9rOVVWRmc2TmtGRlF6cFNUVE5ET2tGU01rTTZUMFkzTnpwQ1ZrVkJPa2xHUlVrNlExazFTekFlRncweE56QTFNREl5TWpBME5UZGFGdzB4T0RBMU1ESXlNakEwTlRkYU1FWXhSREJDQmdOVkJBTVRPMDFPTms0NlJraFVWenBKV0VWSE9rOUpOMUU2UVRWWFJqcFpSRVUwT2pkRE4wNDZSMWRKVVRvMVZ6STNPa2hPTlVvNlZVNURRVG95U0UxQ01Ga3dFd1lIS29aSXpqMENBUVlJS29aSXpqMERBUWNEUWdBRU5KRklhQ1hHNWYxSk9BZnZSaTJDU081K1Q5RVpKd2doai9SUXgzNW9Uc3Q4RnhXY0dRc3ZOMG5sdW5DVVdIbENxN2I4NFJRTXV0WUVIUnY4MVhweTU2T0JzakNCcnpBT0JnTlZIUThCQWY4RUJBTUNCNEF3RHdZRFZSMGxCQWd3QmdZRVZSMGxBREJFQmdOVkhRNEVQUVE3VFU0MlRqcEdTRlJYT2tsWVJVYzZUMGszVVRwQk5WZEdPbGxFUlRRNk4wTTNUanBIVjBsUk9qVlhNamM2U0U0MVNqcFZUa05CT2pKSVRVSXdSZ1lEVlIwakJEOHdQWUE3VVRSYU16cEhWemRKT2xoVVVFUTZTRTAwVVRwUFZGUllPalpCUlVNNlVrMHpRenBCVWpKRE9rOUdOemM2UWxaRlFUcEpSa1ZKT2tOWk5Vc3dDZ1lJS29aSXpqMEVBd0lEU1FBd1JnSWhBSTJVUlpMQVRTM3R4bjNpNTY0SXVQSFEwQU1Mb1g5cTZCMmdnN01KSHJuTkFpRUE0Q3lzbmtENHhjQm42amdobVdnQzczQjdGVkszenFnOTV4ZjNRK2xGVHlrPSJdfQ.eyJhY2Nlc3MiOltdLCJhdWQiOiJyZWdpc3RyeS5kb2NrZXIuaW8iLCJleHAiOjE1MTcyMzE3OTgsImlhdCI6MTUxNzIzMTQ5OCwiaXNzIjoiYXV0aC5kb2NrZXIuaW8iLCJqdGkiOiJFLTRJYTU2cnloVlhQbEktMzM0SCIsIm5iZiI6MTUxNzIzMTE5OCwic3ViIjoiIn0.eOoiVWUdfIvasBQOf--GNb-mxC0EwfKXZlxUhonbVMPYQMPGE2Z4FI0q1zjfuIII4_uBTtBWYTUYNM5LaF7apw","expires_in":300,"issued_at":"2018-01-29T13:11:38.061413343Z"}

I store the token in an environment variable:

export TOKEN=eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsIng1YyI6WyJNSUlDTHpDQ0FkU2dBd0lCQWdJQkFEQUtCZ2dxaGtqT1BRUURBakJHTVVRd1FnWURWUVFERXp0Uk5Gb3pPa2RYTjBrNldGUlFSRHBJVFRSUk9rOVVWRmc2TmtGRlF6cFNUVE5ET2tGU01rTTZUMFkzTnpwQ1ZrVkJPa2xHUlVrNlExazFTekFlRncweE56QTFNREl5TWpBME5UZGFGdzB4T0RBMU1ESXlNakEwTlRkYU1FWXhSREJDQmdOVkJBTVRPMDFPTms0NlJraFVWenBKV0VWSE9rOUpOMUU2UVRWWFJqcFpSRVUwT2pkRE4wNDZSMWRKVVRvMVZ6STNPa2hPTlVvNlZVNURRVG95U0UxQ01Ga3dFd1lIS29aSXpqMENBUVlJS29aSXpqMERBUWNEUWdBRU5KRklhQ1hHNWYxSk9BZnZSaTJDU081K1Q5RVpKd2doai9SUXgzNW9Uc3Q4RnhXY0dRc3ZOMG5sdW5DVVdIbENxN2I4NFJRTXV0WUVIUnY4MVhweTU2T0JzakNCcnpBT0JnTlZIUThCQWY4RUJBTUNCNEF3RHdZRFZSMGxCQWd3QmdZRVZSMGxBREJFQmdOVkhRNEVQUVE3VFU0MlRqcEdTRlJYT2tsWVJVYzZUMGszVVRwQk5WZEdPbGxFUlRRNk4wTTNUanBIVjBsUk9qVlhNamM2U0U0MVNqcFZUa05CT2pKSVRVSXdSZ1lEVlIwakJEOHdQWUE3VVRSYU16cEhWemRKT2xoVVVFUTZTRTAwVVRwUFZGUllPalpCUlVNNlVrMHpRenBCVWpKRE9rOUdOemM2UWxaRlFUcEpSa1ZKT2tOWk5Vc3dDZ1lJS29aSXpqMEVBd0lEU1FBd1JnSWhBSTJVUlpMQVRTM3R4bjNpNTY0SXVQSFEwQU1Mb1g5cTZCMmdnN01KSHJuTkFpRUE0Q3lzbmtENHhjQm42amdobVdnQzczQjdGVkszenFnOTV4ZjNRK2xGVHlrPSJdfQ.eyJhY2Nlc3MiOltdLCJhdWQiOiJyZWdpc3RyeS5kb2NrZXIuaW8iLCJleHAiOjE1MTcyMzE3OTgsImlhdCI6MTUxNzIzMTQ5OCwiaXNzIjoiYXV0aC5kb2NrZXIuaW8iLCJqdGkiOiJFLTRJYTU2cnloVlhQbEktMzM0SCIsIm5iZiI6MTUxNzIzMTE5OCwic3ViIjoiIn0.eOoiVWUdfIvasBQOf--GNb-mxC0EwfKXZlxUhonbVMPYQMPGE2Z4FI0q1zjfuIII4_uBTtBWYTUYNM5LaF7apw

Then I make the call:

curl -i -H "Authorization: Bearer $TOKEN" https://registry-1.docker.io/v2/_catalog

Which gives me another 401 response with the following challenge:

Www-Authenticate: Bearer realm="https://auth.docker.io/token",service="registry.docker.io",scope="registry:catalog:*",error="insufficient_scope"

I get the same error if I use the access-token. What am I doing wrong?

wheleph · February 14, 2018, 2:09pm

I found the answer in this thread.

Quote:

“The catalog endpoint does not work against Docker Hub because that endpoint actually lists all the repositories on a Registry, and we disabled it as it would list all repositories on Docker Hub.”

rquackenbush · February 26, 2018, 4:13pm

Ah - that makes sense. I’m still having issues getting tags for a repository though…

curl -v https://registry-1.docker.io/v2/ubuntu/tags/list

Expected response:

Www-Authenticate: Bearer realm="https://auth.docker.io/token",service="registry.docker.io",scope="repository:ubuntu:pull"

However, when I get the token:

curl -v "https://auth.docker.io/token?service=registry.docker.io&scope=repository:ubuntu:pull"

I export the .token property as $TOKEN

curl -i -H "Authorization: Bearer $TOKEN" https://registry-1.docker.io/v2/ubuntu/tags/list

I’m still getting the same error:

Www-Authenticate: Bearer realm="https://auth.docker.io/token",service="registry.docker.io",scope="repository:ubuntu:pull",error="insufficient_scope"

In parsing the access token, I’m seeing this for the payload:

{
  "access": [],
  "aud": "registry.docker.io",
  "exp": 1519662414,
  "iat": 1519662114,
  "iss": "auth.docker.io",
  "jti": "l5p17tf8CGvX5MbGquTJ",
  "nbf": 1519661814,
  "sub": ""
}

I’m assuming that I would need to see something in the ‘access’ property (e.g. “pull”) in order for this to work?

wheleph · February 26, 2018, 9:25pm

I suspect that you observe this because you don’t specify the full repository name. The fact is that ubuntu is an alias for library/ubuntu and if I perform your steps for the full name the REST API works:

~ → TOKEN=`curl "https://auth.docker.io/token?service=registry.docker.io&scope=repository:library/ubuntu:pull" | jq .token | tr -d \"`
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  2953    0  2953    0     0   4994      0 --:--:-- --:--:-- --:--:--  4988
~ → curl  -H "Authorization: Bearer $TOKEN" https://registry-1.docker.io/v2/library/ubuntu/tags/list
{"name":"library/ubuntu","tags":["10.04","12.04.5","12.04","12.10","13.04","13.10","14.04.1","14.04.2","14.04.3","14.04.4","14.04.5","14.04","14.10","15.04","15.10","16.04","16.10","17.04","17.10","18.04","artful-20170511.1","artful-20170601","artful-20170619","artful-20170716","artful-20170728","artful-20170826","artful-20170916","artful-20171006","artful-20171019","artful-20171116","artful-20180112","artful-20180123","artful","bionic-20171114","bionic-20171214","bionic-20171220","bionic-20180125","bionic","devel","latest","lucid","precise-20150212","precise-20150228.11","precise-20150320","precise-20150427","precise-20150528","precise-20150612","precise-20150626","precise-20150729","precise-20150813","precise-20150924","precise-20151020","precise-20151028","precise-20151208","precise-20160108","precise-20160217","precise-20160225","precise-20160303","precise-20160311","precise-20160318","precise-20160330","precise-20160425","precise-20160503","precise-20160526","precise-20160624","precise-20160707","precise-20160819","precise-20160923.1","precise-20161102","precise-20161123","precise-20161209","precise-20170214","precise-20170331","precise","quantal","raring","rolling","saucy","trusty-20150218.1","trusty-20150228.11","trusty-20150320","trusty-20150427","trusty-20150528","trusty-20150612","trusty-20150630","trusty-20150730","trusty-20150806","trusty-20150814","trusty-20151001","trusty-20151009","trusty-20151021","trusty-20151028","trusty-20151208","trusty-20151218","trusty-20160119","trusty-20160217","trusty-20160226","trusty-20160302","trusty-20160315","trusty-20160317","trusty-20160323","trusty-20160405","trusty-20160412","trusty-20160424","trusty-20160503.1","trusty-20160526","trusty-20160624","trusty-20160711","trusty-20160802","trusty-20160819","trusty-20160914","trusty-20160923.1","trusty-20161006","trusty-20161101","trusty-20161123","trusty-20161214","trusty-20170119","trusty-20170214","trusty-20170330","trusty-20170602","trusty-20170620","trusty-20170719","trusty-20170728","trusty-20170817","trusty-20171117","trusty-20171207","trusty-20180112","trusty-20180123","trusty","utopic-20150211","utopic-20150228.11","utopic-20150319","utopic-20150418","utopic-20150427","utopic-20150528","utopic-20150612","utopic-20150625","utopic","vivid-20150218","vivid-20150309","vivid-20150319.1","vivid-20150421","vivid-20150427","vivid-20150528","vivid-20150611","vivid-20150802","vivid-20150813","vivid-20150930","vivid-20151021","vivid-20151106","vivid-20151111","vivid-20151208","vivid-20160122","vivid","wily-20150528.1","wily-20150611","wily-20150708","wily-20150731","wily-20150807","wily-20150818","wily-20150829","wily-20151006","wily-20151009","wily-20151019","wily-20151208","wily-20160121","wily-20160217","wily-20160302","wily-20160316","wily-20160329","wily-20160424","wily-20160503","wily-20160526","wily-20160602","wily-20160706","wily","xenial-20151218.1","xenial-20160119.1","xenial-20160125","xenial-20160217.2","xenial-20160226","xenial-20160303.1","xenial-20160314.4","xenial-20160317","xenial-20160331.1","xenial-20160422","xenial-20160503","xenial-20160525","xenial-20160629","xenial-20160706","xenial-20160713","xenial-20160809","xenial-20160818","xenial-20160914","xenial-20160923.1","xenial-20161010","xenial-20161114","xenial-20161121","xenial-20161213","xenial-20170119","xenial-20170214","xenial-20170410","xenial-20170417.1","xenial-20170510","xenial-20170517.1","xenial-20170619","xenial-20170710","xenial-20170802","xenial-20170915","xenial-20171006","xenial-20171114","xenial-20171201","xenial-20180112.1","xenial-20180123","xenial","yakkety-20160708","yakkety-20160717","yakkety-20160806.1","yakkety-20160826","yakkety-20160919","yakkety-20160923.1","yakkety-20161013","yakkety-20161104","yakkety-20161121","yakkety-20161213","yakkety-20170104","yakkety-20170224","yakkety-20170327","yakkety-20170517.1","yakkety-20170619","yakkety-20170704","yakkety","zesty-20161129.1","zesty-20161212","zesty-20170118","zesty-20170224","zesty-20170411","zesty-20170517.1","zesty-20170619","zesty-20170703","zesty-20170913","zesty-20170915","zesty-20171114","zesty-20171122","zesty"]}

rquackenbush · February 28, 2018, 5:04pm

That was it! Thank!

Topic		Replies	Views
Announcing: release of curl-like program that can query v2 registry with bearer auth Docker Engine dockerhub , hub	0	3693	May 27, 2016
Insufficient scope when trying to get image manifest Docker Hub docker	1	2677	November 1, 2019
Registry v2 - Token Auth example Open Source Registry API	7	6999	September 7, 2016
Incorrect scope class when trying to access plugins via v2 api Docker Hub	0	499	April 5, 2019
Authorization error when Registry api Docker Hub	0	1970	February 4, 2020

Registry V2 Catalog

Related topics