Repositories API Returns '401 Unauthorized' With Deploy Token


#1

I was thinking about creating an issue for this, but I thought I’d ask here first. Is this expected behavior?:

Summary

When using a deploy token to access the Repositories API for a private, group repository, the response is

{"message":"401 Unauthorized"}

Steps to reproduce

  1. Generate a new read_repository scoped deploy token for your project via https://gitlab.com/your_group/your_project/settings/repository/deploy_token/create#js-deploy-tokens
  2. Run curl --request GET --header 'PRIVATE-TOKEN: your_deploy_token' 'https://gitlab.com/api/v4/projects/your_project_id/repository/tree'

What is the current bug behavior?

The response is {"message":"401 Unauthorized"}

What is the expected correct behavior?

I expect this to return a list of repository files and directories in the project, because the deploy token should have read access to this repository.


#2

Ah, I just found this issue https://gitlab.com/gitlab-org/gitlab-ee/issues/5813