Audit Logs API - Forbidden When Using PAT Authentication

Open obelisk opened this issue 2 years ago • 2 comments

Problem description

I've done the standard login and gotten a JWT to use, but calling the auditlogs API returns an unhelpful:

{"message":"forbidden","errinfo":{}}

I've tried all different permission levels for PATs but none seem to give me a token that is accepted. We cannot use username and password authentication due to enforcement of SSO. Am I missing something obvious to make this work?

obelisk, Jan 19 '24 00:01

@obelisk We discovered the following after having the identical experience:

  • the requesting Docker Hub user must be an owner;
  • if the request is programmatic, the user must either have 2FA disabled or else handle 2FA programmatically (there's an associated API call);
  • the user must log in with its associated password, and not with the alternative login technique of using a user-generated API token instead of the password;
  • the login returns a session token: this is the token to be used in the auditlog request.

After banging our heads against the wall for a while, we discovered that this works.

davidr-bt, Jul 24 '24 22:07
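The flow described in the comment above (password login, optional 2FA step, session token used as the bearer for the audit log call), as an added example that is not code from this thread or from Docker. The endpoint paths (`/v2/users/login`, `/v2/users/2fa-login`, `/v2/auditlogs/{org}`) are taken from Docker Hub's public API documentation as an assumption, since the thread does not name them, and the function names are hypothetical.

```python
import json
import urllib.error
import urllib.request

HUB = "https://hub.docker.com"  # assumption: public Docker Hub API host


def http_json(method, url, body=None, bearer=None):
    """Send one JSON request and return (status, parsed_body)."""
    headers = {"Content-Type": "application/json"}
    if bearer:
        headers["Authorization"] = f"Bearer {bearer}"
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, headers=headers, method=method)
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:
        return err.code, json.loads(err.read() or b"{}")


def session_token(username, password, otp=None, send=http_json):
    """Log in with the account password (not a PAT); finish 2FA if Hub asks."""
    status, body = send("POST", f"{HUB}/v2/users/login",
                        {"username": username, "password": password})
    if status == 401 and "login_2fa_token" in body:
        # 2FA-enabled account: the first call only yields a short-lived 2FA token.
        if otp is None:
            raise PermissionError("account has 2FA enabled; an OTP code is required")
        status, body = send("POST", f"{HUB}/v2/users/2fa-login",
                            {"login_2fa_token": body["login_2fa_token"], "code": otp})
    if status != 200 or "token" not in body:
        raise PermissionError(f"login failed: HTTP {status} {body}")
    return body["token"]


def audit_logs(org, token, send=http_json):
    """Fetch audit logs for an organization, using the session token as bearer."""
    status, body = send("GET", f"{HUB}/v2/auditlogs/{org}", None, token)
    if status == 403:
        # Per the thread: the caller must be an owner using a password-login token.
        raise PermissionError("forbidden: use an owner's password-login session token")
    if status != 200:
        raise RuntimeError(f"audit log request failed: HTTP {status} {body}")
    return body
```

Read the password and OTP from a secret store or prompt rather than hard-coding them, since this flow cannot use a scoped PAT.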

@davidr-bt Do you mean that I have to use the user's password and not a PAT?

azxqw, Aug 27 '24 09:08