I was thinking about creating an issue for this, but I thought I’d ask here first. Is this expected behavior?:
When using a deploy token to access the Repositories API for a private, group repository, the response is
Steps to reproduce
- Generate a new
read_repositoryscoped deploy token for your project via https://gitlab.com/your_group/your_project/settings/repository/deploy_token/create#js-deploy-tokens
curl --request GET --header 'PRIVATE-TOKEN: your_deploy_token' 'https://gitlab.com/api/v4/projects/your_project_id/repository/tree'
What is the current bug behavior?
The response is
What is the expected correct behavior?
I expect this to return a list of repository files and directories in the project, because the deploy token should have read access to this repository.