docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #22002 from technicallyjosh/main 

Add new auth token docs
This commit is contained in:
Josh 2025-02-12 12:38:30 -07:00 committed by GitHub
parent e6d34217e8 64dfe010e1
commit dc2456054f
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 135 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
content/reference/api/hub/latest.md
View File

@ -1,6 +1,6 @@
--- ---
layout: api layout: api
description: Reference documentation and Swagger (OpenAPI) specification for the Docker Hub API. description: Reference documentation and OpenAPI specification for the Docker Hub API.
title: Docker Hub API reference title: Docker Hub API reference
linkTitle: Docker Hub API linkTitle: Docker Hub API
--- ---

139
content/reference/api/hub/latest.yaml
View File

@ -1,4 +1,6 @@
openapi: 3.0.0 # yaml-language-server: $schema=https://raw.githubusercontent.com/OAI/OpenAPI-Specification/refs/heads/main/schemas/v3.0/schema.yaml
openapi: 3.0.3
info: info:
title: Docker HUB API title: Docker HUB API
version: beta version: beta
@ -111,14 +113,18 @@ paths:
- authentication - authentication
summary: Create an authentication token summary: Create an authentication token
operationId: PostUsersLogin operationId: PostUsersLogin
security: []
deprecated: true
description: | description: |
Creates and returns a bearer token in JWT format that you can use to authenticate with Docker Hub APIs. Creates and returns a bearer token in JWT format that you can use to authenticate with Docker Hub APIs.
The returned token is used in the HTTP Authorization header like `Authorization: Bearer {TOKEN}`. The returned token is used in the HTTP Authorization header like `Authorization: Bearer {TOKEN}`.
Most Docker Hub APIs require this token either to consume or to get detailed information. For example, to list images in a private repository. _**As of September 16, 2024, this route requires a personal access token (PAT) instead of a password if your organization has SSO enforced.**_
_**As of September 16, 2024, this route requires a PAT instead of a password if your organization has SSO enforced.**_ <div style="background-color:rgb(255, 165, 0, .25); padding:5px; border-radius:4px">
<strong>Deprecated</strong>: Use [<a href="#tag/authentication/operation/AuthCreateAccessToken">Create access token</a>] instead.
</div>
requestBody: requestBody:
content: content:
application/json: application/json:
@ -145,6 +151,7 @@ paths:
- authentication - authentication
summary: Second factor authentication summary: Second factor authentication
operationId: PostUsers2FALogin operationId: PostUsers2FALogin
security: []
description: | description: |
When a user has two-factor authentication (2FA) enabled, this is the second call to perform after `/v2/users/login` call. When a user has two-factor authentication (2FA) enabled, this is the second call to perform after `/v2/users/login` call.
@ -168,17 +175,65 @@ paths:
schema: schema:
$ref: '#/components/schemas/PostUsersLoginSuccessResponse' $ref: '#/components/schemas/PostUsersLoginSuccessResponse'
'401': '401':
description: Authentication failed or second factor required description: Authentication failed
content: content:
application/json: application/json:
schema: schema:
$ref: '#/components/schemas/PostUsers2FALoginErrorResponse' $ref: '#/components/schemas/PostUsers2FALoginErrorResponse'
/v2/auth/token:
post:
tags:
- authentication
security: []
summary: Create access token
operationId: AuthCreateAccessToken
description: |
Creates and returns a short-lived access token in JWT format for use as a bearer when calling Docker APIs.
If successful, the access token returned should be used in the HTTP Authorization header like
`Authorization: Bearer {access_token}`.
_**If your organization has SSO enforced, you must use a personal access token (PAT) instead of a password.**_
requestBody:
content:
application/json:
schema:
description: Request to create access token
type: object
required:
- identifier
- secret
properties:
identifier:
description: |
The identifier of the account to create an access token for. If using a password or personal access token,
this must be a username. If using an organization access token, this must be an organization name.
type: string
example: myusername
secret:
description: |
The secret of the account to create an access token for. This can be a password, personal access token, or
organization access token.
type: string
example: dckr_pat_124509ugsdjga93
responses:
'200':
description: Token created
content:
application/json:
schema:
$ref: '#/components/schemas/AuthCreateTokenResponse'
'401':
description: Authentication failed
$ref: '#/components/responses/unauthorized'
/v2/access-tokens: /v2/access-tokens:
post: post:
summary: Create a personal access token summary: Create a personal access token
description: Creates and returns a personal access token. description: Creates and returns a personal access token.
tags: tags:
- access-tokens - access-tokens
security:
- bearerAuth: []
requestBody: requestBody:
content: content:
application/json: application/json:
@ -201,6 +256,8 @@ paths:
description: Returns a paginated list of personal access tokens. description: Returns a paginated list of personal access tokens.
tags: tags:
- access-tokens - access-tokens
security:
- bearerAuth: []
parameters: parameters:
- in: query - in: query
name: page name: page
@ -236,6 +293,8 @@ paths:
Updates a personal access token partially. You can either update the token's label or enable/disable it. Updates a personal access token partially. You can either update the token's label or enable/disable it.
tags: tags:
- access-tokens - access-tokens
security:
- bearerAuth: []
requestBody: requestBody:
content: content:
application/json: application/json:
@ -258,6 +317,8 @@ paths:
description: Returns a personal access token by UUID. description: Returns a personal access token by UUID.
tags: tags:
- access-tokens - access-tokens
security:
- bearerAuth: []
responses: responses:
'200': '200':
description: OK description: OK
@ -281,6 +342,8 @@ paths:
Deletes a personal access token permanently. This cannot be undone. Deletes a personal access token permanently. This cannot be undone.
tags: tags:
- access-tokens - access-tokens
security:
- bearerAuth: []
responses: responses:
'204': '204':
description: A successful response. description: A successful response.
@ -293,6 +356,8 @@ paths:
summary: Returns list of audit log events summary: Returns list of audit log events
description: Get audit log events for a given namespace. description: Get audit log events for a given namespace.
operationId: AuditLogs_GetAuditLogs operationId: AuditLogs_GetAuditLogs
security:
- bearerAuth: []
responses: responses:
'200': '200':
description: A successful response. description: A successful response.
@ -401,6 +466,8 @@ paths:
description: | description: |
Get audit log actions for a namespace to be used as a filter for querying audit events. Get audit log actions for a namespace to be used as a filter for querying audit events.
operationId: AuditLogs_GetAuditActions operationId: AuditLogs_GetAuditActions
security:
- bearerAuth: []
responses: responses:
'200': '200':
description: A successful response. description: A successful response.
@ -498,6 +565,8 @@ paths:
Returns organization settings by name. Returns organization settings by name.
tags: tags:
- org-settings - org-settings
security:
- bearerAuth: []
responses: responses:
'200': '200':
description: OK description: OK
@ -522,6 +591,8 @@ paths:
- `restricted_images` - `restricted_images`
tags: tags:
- org-settings - org-settings
security:
- bearerAuth: []
requestBody: requestBody:
content: content:
application/json: application/json:
@ -559,6 +630,8 @@ paths:
summary: List repository tags summary: List repository tags
tags: tags:
- repositories - repositories
security:
- bearerAuth: []
parameters: parameters:
- in: query - in: query
name: page name: page
@ -583,6 +656,8 @@ paths:
summary: Check repository tags summary: Check repository tags
tags: tags:
- repositories - repositories
security:
- bearerAuth: []
responses: responses:
'200': '200':
description: Repository contains tags description: Repository contains tags
@ -599,6 +674,8 @@ paths:
summary: Read repository tag summary: Read repository tag
tags: tags:
- repositories - repositories
security:
- bearerAuth: []
responses: responses:
'200': '200':
$ref: '#/components/responses/get_tag' $ref: '#/components/responses/get_tag'
@ -610,6 +687,8 @@ paths:
summary: Check repository tag summary: Check repository tag
tags: tags:
- repositories - repositories
security:
- bearerAuth: []
responses: responses:
'200': '200':
description: Repository tag exists description: Repository tag exists
@ -633,6 +712,8 @@ paths:
Returns a list of members for an organization" Returns a list of members for an organization"
tags: tags:
- orgs - orgs
security:
- bearerAuth: []
responses: responses:
'200': '200':
description: List of members description: List of members
@ -660,6 +741,8 @@ paths:
Export members of an organization as a CSV Export members of an organization as a CSV
tags: tags:
- orgs - orgs
security:
- bearerAuth: []
responses: responses:
'200': '200':
description: Exported members description: Exported members
@ -731,6 +814,8 @@ paths:
***Only users in the "owners" group of the organization can use this endpoint.*** ***Only users in the "owners" group of the organization can use this endpoint.***
tags: tags:
- orgs - orgs
security:
- bearerAuth: []
requestBody: requestBody:
required: true required: true
content: content:
@ -767,6 +852,8 @@ paths:
Removes the member from the org, ie. all groups in the org, unless they're the last owner Removes the member from the org, ie. all groups in the org, unless they're the last owner
tags: tags:
- orgs - orgs
security:
- bearerAuth: []
responses: responses:
'204': '204':
description: Member removed successfully description: Member removed successfully
@ -788,6 +875,8 @@ paths:
Return all pending invites for a given org, only team owners can call this endpoint Return all pending invites for a given org, only team owners can call this endpoint
tags: tags:
- invites - invites
security:
- bearerAuth: []
responses: responses:
'200': '200':
description: '' description: ''
@ -814,6 +903,8 @@ paths:
summary: Get groups of an organization summary: Get groups of an organization
tags: tags:
- groups - groups
security:
- bearerAuth: []
parameters: parameters:
- $ref: '#/components/parameters/page' - $ref: '#/components/parameters/page'
- $ref: '#/components/parameters/page_size' - $ref: '#/components/parameters/page_size'
@ -858,6 +949,8 @@ paths:
description: Create a new group within an organization. description: Create a new group within an organization.
tags: tags:
- groups - groups
security:
- bearerAuth: []
requestBody: requestBody:
content: content:
application/json: application/json:
@ -891,6 +984,8 @@ paths:
summary: Get a group of an organization summary: Get a group of an organization
tags: tags:
- groups - groups
security:
- bearerAuth: []
responses: responses:
'200': '200':
description: '' description: ''
@ -908,6 +1003,8 @@ paths:
summary: Update the details for an organization group summary: Update the details for an organization group
tags: tags:
- groups - groups
security:
- bearerAuth: []
requestBody: requestBody:
content: content:
application/json: application/json:
@ -936,6 +1033,8 @@ paths:
summary: Update some details for an organization group summary: Update some details for an organization group
tags: tags:
- groups - groups
security:
- bearerAuth: []
requestBody: requestBody:
content: content:
application/json: application/json:
@ -962,6 +1061,8 @@ paths:
summary: Delete an organization group summary: Delete an organization group
tags: tags:
- groups - groups
security:
- bearerAuth: []
responses: responses:
'204': '204':
description: Group deleted successfully description: Group deleted successfully
@ -974,6 +1075,8 @@ paths:
/v2/orgs/{org_name}/groups/{group_name}/members: /v2/orgs/{org_name}/groups/{group_name}/members:
x-audience: public x-audience: public
get: get:
security:
- bearerAuth: []
parameters: parameters:
- $ref: '#/components/parameters/org_name' - $ref: '#/components/parameters/org_name'
- $ref: '#/components/parameters/group_name' - $ref: '#/components/parameters/group_name'
@ -1023,6 +1126,8 @@ paths:
summary: Adds a member to a group summary: Adds a member to a group
tags: tags:
- groups - groups
security:
- bearerAuth: []
requestBody: requestBody:
$ref: '#/components/requestBodies/add_member_to_org_group' $ref: '#/components/requestBodies/add_member_to_org_group'
responses: responses:
@ -1046,6 +1151,8 @@ paths:
summary: Removes a user from a group summary: Removes a user from a group
tags: tags:
- groups - groups
security:
- bearerAuth: []
responses: responses:
'204': '204':
description: User removed successfully description: User removed successfully
@ -1069,6 +1176,8 @@ paths:
Mark the invite as cancelled so it doesn't show up on the list of pending invites Mark the invite as cancelled so it doesn't show up on the list of pending invites
tags: tags:
- invites - invites
security:
- bearerAuth: []
responses: responses:
'204': '204':
description: '' description: ''
@ -1092,6 +1201,8 @@ paths:
Resend a pending invite to the user, any org owner can resend an invite Resend a pending invite to the user, any org owner can resend an invite
tags: tags:
- invites - invites
security:
- bearerAuth: []
responses: responses:
'204': '204':
description: '' description: ''
@ -1113,6 +1224,8 @@ paths:
- invites - invites
requestBody: requestBody:
$ref: '#/components/requestBodies/bulk_invite_request' $ref: '#/components/requestBodies/bulk_invite_request'
security:
- bearerAuth: []
responses: responses:
'202': '202':
description: Accepted description: Accepted
@ -1639,6 +1752,14 @@ components:
The password or personal access token (PAT) of the Docker Hub account to authenticate with. The password or personal access token (PAT) of the Docker Hub account to authenticate with.
type: string type: string
example: p@ssw0rd example: p@ssw0rd
AuthCreateTokenResponse:
description: successful access token response
type: object
properties:
access_token:
description: The created access token. This expires in 10 minutes.
type: string
example: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c
PostUsersLoginSuccessResponse: PostUsersLoginSuccessResponse:
description: successful user login response description: successful user login response
type: object type: object
@ -2744,6 +2865,14 @@ components:
member: member:
type: string type: string
example: jonsnow example: jonsnow
securitySchemes:
bearerAuth:
type: http
scheme: bearer
bearerFormat: JWT
bearerSCIMAuth:
type: http
scheme: bearer
x-tagGroups: x-tagGroups:
- name: General - name: General
tags: tags: