Why does docker pulling from dockerhub work even I've made an access token?

Access tokens will not help you while pulling the images as you are using a public repo. Access tokens are an alternative to password only. Access tokens can be used as a substitute for your password in Docker Hub, especially for integrating your Hub account with other tools. The advantage of using tokens is the ability to create and manage multiple tokens at once so you can generate different tokens for each integration and revoke them independently at any time. Using Docker CLI, you can use tokens to access Hub images.

Access tokens provides advantages over a password:

• You can investigate the last usage of the access token and disable or
  delete it if you find any suspicious activity.

• When using an access token, you can’t perform any admin activity on
  the account, including changing the password.

For creating a token,you have access to 4 scopes:

• Read, write, delete: The scope of this token allows you to read, write and delete all of the repos that you have access to. (It does not allow you to modify account settings as a password authentication would).
• Read, write: This scope is for read/write within repos you have access to (all the public content on Hub & your private content).This is the sort of scope to use within a CI that is also pushing to a repo.
• Read only: This scope is read only for all repos you have have access to, this is great when used in production where it only needs to pull content from repos to run it.
• Public repo read only: This scope is for reading only public content, so nothing from your or your team’s repos. This is great when you want to set up a system which is just pulling say Docker Official Images or Trusted content from Docker Hub.