Can't access to Gitlab Docker Registry using an Oauth access token (with read_registry scope enabled)
Summary
I have a situation where users have explicity authorized my application to read the Gitlab Docker Registry, but I can't login to the registry without asking for additional credentials (user's password or personal access tokens).
Steps to reproduce
- Authorize an oauth application to access to read Gitlab Docker Registry (read_registry scope)
- Exchange the code for an oauth access token with read_registry enabled
- Use the Oauth access token to try to login to the Gitlab Docker Registry (registry.gitlab.com)
What is the current bug behavior?
- The user explicitly authorize my application to read the Gitlab Docker Registry
- I exchanged the code for an OAuth access token:
API endpoint: https://gitlab.com/oauth/token Response: '{"access_token":"","token_type":"bearer","refresh_token":"","scope":"api read_user read_registry","created_at":1509442401}'
As you can see the response confirms that I have access to the read_registry scope.
1. There is no way I can use the access token to login to the docker registry.
Tried:
* docker login -u *username* -p *user_password* registry.gitlab.com
It works
* docker login -u *email* -p *user_password* registry.gitlab.com
It works
* docker login -u gitlab-ci-token -p *personal_access_token* registry.gitlab.com
It works
* docker login -u gitlab-ci-token -p *oauth_access_token* registry.gitlab.com
It doesn't work :(
### What is the expected *correct* behavior?
If the user has authorized my application to read the Gitlab Docker Registry, there is no need to ask for additional permissions (user password or a personal access token) to access the Registry.
### Relevant logs and/or screenshots
### Output of checks
This bug happens on GitLab.com
### Possible fixes
If the oauth access token has access to the read_registry scope, the docker container registry should accept this token for authentication.Edited by Ariel Camino