Fine grained permission/scopes on personal access token
manishtomar opened this issue ยท 9 comments
Tell us about your request
Add fine grained permission/scopes to personal access token to allow accessing non-registry APIs similar to how Github provides. This is an extension of Official REST API feature and requires that to be supported first.
Which service(s) is this request for?
Docker Hub
Tell us about the problem you're trying to solve. What are you trying to do, and why is it hard?
I cannot automate many tasks in Hub. For example, after enabling 2FA If I am not using autobuilds I cannot update the repository's readme to VCS's readme.
Are you currently working around the issue?
Disabling 2FA and reverse engineering existing APIs from browser.
Additional context
docker/hub-feedback#2006
docker/hub-feedback#1927
I would be happy with just specific token for updating the image description. Just a single hardcoded function, without scope management.
Hi guys, been following this for a while but is there any word on this?
@nebuk89 so will there be documentations on how this work? Or just have 2FA enabled and use access tokens like normal?
There's this blog post about it, but it seems like it's only intended for paid users: https://www.docker.com/blog/level-up-security-with-scoped-access-tokens/
There's this blog post about it, but it seems like it's only intended for paid users: https://www.docker.com/blog/level-up-security-with-scoped-access-tokens/
@nebuk89, even with read, write, delete scope it doesn't allow updating readmes or descriptions unfortunately, so I wouldn't consider this issue closed yet.
https://drone.modem7.com/modem7/Dnscrypt-Proxy/14/1/3
Any update?
Any update?
Best comment on docker/hub-tool#172 as this is for some reason closed. Even though it didn't resolve the original problem at all.
same for me, I tried but it didn't seem to work. Not even with a paid Docker account. Does this work for anyone here? If so, I'd appreciate a pointer into the right direction.