Audit Logs API - Forbidden When Using PAT Authentication

[obelisk]

Problem description

Audit Logs API - Forbidden When Using PAT Authentication

I've done the standard login and gotten a JWT to use, but calling the auditlogs API returns an unhelpful:

{"message":"forbidden","errinfo":{}}

I've tried all different permission levels for PATs but none seem to give me a token that is accepted. We cannot use username and password authentication due to enforcement of SSO. Am I missing something obvious to make this work?

[davidr-bt]

@obelisk We discovered the following after having the identical experience:

• the requesting dockerhub user must be an owner;
• if the request is programatic, the user must either have 2fa disabled or else handle 2fa programatically (there's an associated API call);
• the user must log in with its associated password, and not with the alternative login technique of using a user-generated API token instead of the password;
• the login returns a session token: this is the token to be used in the auditlog request.

After banging our heads against the wall for a while, we discovered that this works.

[azxqw]

@davidr-bt Do you mean that I have to use the user's password and not a PAT?