🚧 Add support for OAuth device-code login 🚧
- What I did
WIP PR for discussion that adds support for the device-code flow OAuth login, when authenticating against the official registry.
I'll follow up with another PR to explore implementing this at the credential store layer/using a new credential store.
- How I did it
Added cli/internal/oauth, which includes a new OAuthManager that is capable of fulfilling a device-code flow against the official registry.
Fetching credentials remains the same, as the returned access token can be transparently used in place of the password when authenticating.
Login and logout flows now defer to OAuthManager when running against the official registry.
- How to verify it
Run docker login, and check your credentials store to find the stored access tokens. Attempt to do an operation which requires authentication (such as pushing an image to your repo) and verify it works.
- Description for the changelog
Added support for the device-code flow OAuth login, when authenticating against the official registry.
- A picture of a cute animal (not mandatory but encouraged)
Codecov Report
Attention: Patch coverage is 52.19298% with 109 lines in your changes missing coverage. Please review.
Project coverage is 61.39%. Comparing base (6abed4e) to head (4029dbc). Report is 4 commits behind head on master.
Additional details and impacted files
@@ Coverage Diff @@
## master #5221 +/- ##
==========================================
- Coverage 61.48% 61.39% -0.09%
==========================================
Files 298 302 +4
Lines 20813 21037 +224
==========================================
+ Hits 12797 12916 +119
- Misses 7104 7192 +88
- Partials 912 929 +17
Recording with the UX/copy changes:
https://github.com/docker/cli/assets/70572044/8032e70b-8633-4d67-85b8-2b3002eb9c18
you're probably doing this already... but can we hide the "Authenticating with existing credentials" (and error) bit if that isn't happening?
misclick 😓
> you're probably doing this already... but can we hide the "Authenticating with existing credentials" (and error) bit if that isn't happening?
Yep! That message should only show up when we're actually logging in with existing credentials. What happened in that video was misleading because in truth we already had credentials; the "first" login (with those credentials) just failed for different reasons. I'll update the recording.
Superseded by https://github.com/docker/cli/pull/5244 or https://github.com/docker/cli/pull/5245
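The polling half of the device-code flow (RFC 8628) that the PR description refers to, as an added Go example: it is not the PR's OAuthManager or any docker/cli code, and `PollDeviceToken`, its parameters and the token endpoint URL are hypothetical. It handles `authorization_pending`, `slow_down` and terminal errors, and returns the access token that the description says is used in place of the password.

```go
package main

import (
	"context"
	"encoding/json"
	"fmt"
	"net/http"
	"net/url"
	"time"
)

// Grant type of the device access token request (RFC 8628 section 3.4).
const deviceGrant = "urn:ietf:params:oauth:grant-type:device_code"

// PollDeviceToken polls an RFC 8628 token endpoint until the user approves the
// device code, the server reports a terminal error, or ctx is done.
// tokenURL and clientID are hypothetical, caller-supplied values.
func PollDeviceToken(ctx context.Context, c *http.Client, tokenURL, clientID, deviceCode string, interval time.Duration) (string, error) {
	form := url.Values{"grant_type": {deviceGrant}, "client_id": {clientID}, "device_code": {deviceCode}}
	for {
		select { // wait one interval before every request, or stop when ctx ends
		case <-ctx.Done():
			return "", ctx.Err()
		case <-time.After(interval):
		}
		resp, err := c.PostForm(tokenURL, form)
		if err != nil {
			return "", err
		}
		var tr struct {
			AccessToken string `json:"access_token"`
			Error       string `json:"error"`
		}
		err = json.NewDecoder(resp.Body).Decode(&tr)
		resp.Body.Close()
		if err != nil {
			return "", fmt.Errorf("decoding token response: %w", err)
		}
		switch {
		case tr.Error == "authorization_pending": // not approved yet: poll again
		case tr.Error == "slow_down": // section 3.5: add 5 seconds to the interval
			interval += 5 * time.Second
		case tr.Error != "" || tr.AccessToken == "": // access_denied, expired_token, ...
			return "", fmt.Errorf("device authorization failed: %q", tr.Error)
		default:
			return tr.AccessToken, nil
		}
	}
}

func main() {} // library-style example: call PollDeviceToken from a login command
```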