Bearer Token

Question

Bearer Token

yigitpolat opened this issue 2 years ago · 7 comments

I execute below command to see which images exists in the registry but receving an error message also posted as an output of the command.

$ curl -u <username>:<password> -k https://<hostname>:8443/v2/_catalog
{"error": "Invalid bearer token format"}

Is there anyway to retrieve the token, otherwise is there any other way of listing images?
Thank you in advance

yigitpolat commented 2 years ago

Thanks !

Answer 1 · 2022-07-07T12:32:46.000Z

v2/_catalog endpoint is a Docker v2 endpoint and you need a JWT bearer token to use it. To get one:

curl --user username:password -k "https://QUAY_HOSTNAME/v2/auth?service=QUAY_HOSTNAME?scope=repository:namespace/repository:pull"
curl -H "Authorization: Bearer JWT_TOKEN_FROM_PREVIOUS_CALL" -k https://QUAY_HOSTNAME/v2/_catalog

You'll then get a list of all namespaces and repos you have access to. The _catalog endpoint is very heavy on the db, which is why it's behind auth. An alternative approach is to use Quay's v1 API to list repos inside namespaces:

https://docs.quay.io/api/swagger/#!/repository/listRepos

HTH!

Answer 2 · 2022-07-22T13:19:38.000Z

@ibazulic a topic just out of curiosity.
Do you have a content that I can read more about v1 vs v2 api endpoints.
To illustrate, when you say Quay's v1 API, I assume it is different then Docker v1.
And also when I looked for Quay v2 API, I couldnt find any information. So I assume Docker v2 and Quay v2 are in different contexts.
I hope I could be clear on my confusion.

Answer 3 · 2022-07-22T13:21:50.000Z

@yigitpolat Quay has its own v1 API which is described on

https://docs.quay.io/api/swagger

This is not the same as Docker's v1 API which no one uses anymore. There is no Quay v2 API, but Quay fully supports Docker's v2 api which can be found here:

https://docs.docker.com/registry/spec/api/

Does that answer your question?

Answer 4 · 2022-07-22T13:26:14.000Z

@ibazulic it was extremely fast response. Thanks for that.
It clarifies most of the thing. Just one more point and it will be clear.
Is quay top of Docker Registry (https://docs.docker.com/registry/), so that it supports Docker's v2?

Answer 5 · 2022-07-22T13:34:38.000Z

I guess I am mistaking the concepts, but I should have mean Docker Protocol instead of Docker Registry.

Answer 6 · 2022-10-11T08:34:40.000Z

Hi Yigit- yes, Quay supports Docker V2 API. You can use the docker CLI with it no problem. Bill Dettelback He/Him Sr. Engineering Manager, Quay / OpenShift Registry Red Hat <https://www.redhat.com/>

…

On Jul 22, 2022, at 9:34 AM, Yigit Polat ***@***.***> wrote: I guess I am mistaking the concepts, but I should have mean Docker Protocol instead of Docker Registry. — Reply to this email directly, view it on GitHub <#71 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AABQYQVVKQGTFZHDOR6WVZ3VVKPPTANCNFSM525DQDZA>. You are receiving this because you are subscribed to this thread.