action-doctl icon indicating copy to clipboard operation
action-doctl copied to clipboard
verified publisher icon digitalocean

Update login to use new limited scopes for token

Open kenkendk opened this issue 1 year ago • 0 comments

The login action currently requests scope "read write", meaning a "full access" token is required. Digital Ocean access tokens now supports more granular scopes, but using a token with only read+update on registry fails, because the auth requests too broad a scope:

Run doctl registry login --expiry-seconds 1200
  doctl registry login --expiry-seconds 1200
  shell: /usr/bin/bash -e {0}
Logging Docker in to registry.digitalocean.com
Error: GET https://api.digitalocean.com/v2/registry/docker-credentials?expiry_seconds=1200&read_write=true: 403 (request "34fe003d-496e-4c9e-b689-558c7396b9e3") you do not have access for the attempted action
Error: Process completed with exit code 1.

kenkendk avatar Jul 04 '24 10:07 kenkendk