Ideally I'd like to be able to list and/or search for repositories within that user (i.e. public and private, assuming I have an access token that allows me to pull those private repos)
This requires custom tooling just for Docker Hub, which exists as the experimental hub-tool. It's not built into other tools because the repository listing API in registries isn't limited to a user or organization. And the API that queries for all repositories is disabled on most SaaS registries because of scaling, privacy, and security reasons. With hub-tool, the command for that looks like:
$ hub-tool repo ls $user_or_org --format json
as well as tags within each repo
This is a lot easier. It's available from registry APIs, and Hub specific APIs. With hub-tool, that's:
$ hub-tool tag ls $org/$repo --format json
(In each of these, I'm using json formatting assuming you want to script the output.)
Other tools work on any registry, including Google's crane, RedHat's skopeo, and my own regclient.
$ crane ls $repo
$ skopeo list-tags docker://$reppo
$ regctl tag ls $repo
Each of these has different ways to login with your PAT.
$ hub-tool login
$ crane auth login $registry
$ skopeo login $registry
$ regctl registry login $registry
With curl, you need to login to get a token using your username and PAT there. This is all Hub specific, so I'd recommend using one of the above tools instead of curl for portability to other registries:
$ cat ./manifest-v2-auth.sh
#!/bin/sh
ref="${1:-library/ubuntu:latest}"
sha="${ref#*@}"
if [ "$sha" = "$ref" ]; then
sha=""
fi
wosha="${ref%%@*}"
repo="${wosha%:*}"
tag="${wosha##*:}"
if [ "$tag" = "$wosha" ]; then
tag="latest"
fi
token=$(curl -s "https://auth.docker.io/token?service=registry.docker.io&scope=repository:${repo}:pull" \
-u "$username:$user_pat" \
| jq -r '.token')
curl -H "Authorization: Bearer $token" \
-s "https://registry-1.docker.io/v2/${repo}/tags/list" | jq .
