Use Deploy tokens to grant access to the Composer registry
Group deploy tokens with
read_package_registry scope do not grant access to the Composer Package registry.
GitLab responds with a 404 instead.
Steps to reproduce
- Create a group
- Add a project within the group and deploy a composer package to its registry
- Create a deploy token to the group with
- Use the deploy token to access the registry at
What is the current bug behavior?
You cannot access the
packages.json. It fails with a 404 error – maybe related to #232636 (closed).
The token needs
api_read access which cannot be granted.
What is the expected correct behavior?
We expect to see the
packages.json of the group.
Either deploy tokens need the
api_read scope or the Composer Package Registry should be accessible if the
read_package_registry scope was granted.