docker / cli

The Docker CLI
Apache License 2.0

Using email to do docker login is failing #961

Open ebriney opened 6 years ago

ebriney commented 6 years ago

Reported here by a user in for-mac.

In Docker for desktop we are using the cloud federation authentication api and with this api it is possible to do authentication with email instead of username.

It could be nice to add this in cli too.

Steps to reproduce the issue:

  1. docker login
  2. use your email as user
  3. authentication failed

Describe the results you received:

#[10:36] $docker login
Login with your Docker ID to push and pull images from Docker Hub. If you don't have a Docker ID, head over to https://hub.docker.com to create one.
Username: user@mycompany.com
Password:
Error response from daemon: Get https://registry-1.docker.io/v2/: unauthorized: incorrect username or password

Describe the results you expected:

#[10:54] $docker login
Login with your Docker ID to push and pull images from Docker Hub. If you don't have a Docker ID, head over to https://hub.docker.com to create one.
Username: user@mycompany.com
Password:
Login Succeeded

Additional information you deem important (e.g. issue happens only occasionally):

Output of docker version:

Client:
 Version:   18.03.0-ce-rc3
 API version:   1.37
 Go version:    go1.9.4
 Git commit:    e730959
 Built: Thu Mar  8 20:12:09 2018
 OS/Arch:   darwin/amd64
 Experimental:  true
 Orchestrator:  kubernetes

Server:
 Engine:
  Version:  18.03.0-ce-rc3
  API version:  1.37 (minimum version 1.12)
  Go version:   go1.9.4
  Git commit:   e730959
  Built:    Thu Mar  8 20:20:22 2018
  OS/Arch:  linux/amd64
  Experimental: true

Output of docker info:

Containers: 13
 Running: 0
 Paused: 0
 Stopped: 13
Images: 173
Server Version: 18.03.0-ce-rc3
Storage Driver: overlay2
 Backing Filesystem: extfs
 Supports d_type: true
 Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: bridge host ipvlan macvlan null overlay
 Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: cfd04396dc68220d1cecbe686a6cc3aa5ce3667c
runc version: 4fc53a81fb7c994640722ac585fa9ca548971871
init version: 949e6fa
Security Options:
 seccomp
  Profile: default
Kernel Version: 4.9.87-linuxkit-aufs
Operating System: Docker for Mac
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 1.952GiB
Name: linuxkit-025000000001
ID: VJUA:FF4R:5TOO:UEUE:F2WS:BHNJ:JQAB:TT7E:HSRT:4ZCN:DMAV:VHWN
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): true
 File Descriptors: 23
 Goroutines: 45
 System Time: 2018-03-23T09:56:07.100434983Z
 EventsListeners: 4
HTTP Proxy: docker.for.mac.http.internal:3128
HTTPS Proxy: docker.for.mac.http.internal:3129
Registry: https://index.docker.io/v1/
Labels:
Experimental: true
Insecure Registries:
 127.0.0.0/8
Live Restore Enabled: false

Additional environment details (AWS, VirtualBox, physical, etc.): docker for mac

thaJeztah commented 6 years ago

Yes, this is expected; Docker Hub authentication uses the username, not email, for authentication. This is confusing because the web interface of Docker Hub does allow logging in with e-mail.

Also see https://github.com/docker/hub-feedback/issues/1098#issuecomment-335000876

I suggested having Docker Hub return an informative error if the provided username contains an @ (e.g. "Please log in using your username, not your e-mail address"), but that's a change that has to be made on Docker Hub (the docker cli cannot assume what an authentication service allows and what not).

thaJeztah commented 6 years ago

So; discussing this: the Docker for Mac UI allows logging in by e-mail, but possibly uses a different authentication mechanism.

@nandhini915 @KickingTheTV what are our options here?

ebriney commented 6 years ago

But why don't we add --email in docker login? Is there a technical reason except that some registries may not support it?

thaJeztah commented 6 years ago

There was an --email option once, but it was used to automatically create a new account. I don't think Docker Hub takes an e-mail for logging in; it's username and password. If a registry supports authentication through either e-mail or username, I think the e-mail address has to be sent as username and handled by the authentication of the registry.
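The registry-side handling discussed in the comments above (a hint when an e-mail is typed at the `Username:` prompt, or accepting the e-mail in the username field), sketched in Go as an added example that is not part of the thread and not Docker Hub's code. `authenticate`, `allowEmail` and the sample account are hypothetical; the two error strings are taken from the messages quoted in the thread.

```go
package main

import (
	"crypto/subtle"
	"errors"
	"fmt"
	"strings"
)

// Constructed sample account; a real service stores password hashes, not plaintext.
type account struct{ username, email, password string }

var accounts = []account{{"alice", "alice@example.com", "s3cret"}}

var (
	errUseUsername = errors.New("unauthorized: please log in using your username, not your e-mail address")
	errBadCreds    = errors.New("unauthorized: incorrect username or password")
)

// authenticate receives whatever the client typed at the "Username:" prompt.
// allowEmail is the registry's own policy (hypothetical flag); the CLI never
// needs to know it, it just forwards the identifier unchanged.
func authenticate(identifier, password string, allowEmail bool) (string, error) {
	isEmail := strings.Contains(identifier, "@")
	if isEmail && !allowEmail {
		// Decided from the shape of the input alone, before any lookup, so the
		// hint does not reveal whether an account exists for that address.
		return "", errUseUsername
	}
	for _, a := range accounts {
		key := a.username
		if isEmail {
			key = a.email
		}
		if key == identifier &&
			subtle.ConstantTimeCompare([]byte(a.password), []byte(password)) == 1 {
			return a.username, nil // canonical username, whichever form was typed
		}
	}
	return "", errBadCreds // same error for unknown user and wrong password
}

func main() {
	for _, policy := range []bool{false, true} {
		user, err := authenticate("alice@example.com", "s3cret", policy)
		fmt.Printf("allowEmail=%v -> user=%q err=%v\n", policy, user, err)
	}
}
```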

cycomachead commented 5 years ago

The fact that my CLI currently does this is highly frustrating and confusing... :( It would be immensely helpful if the CLI could at least not suggest my email address, since some sites do use email as usernames. (even though that's a rant I'll omit!)

Username (cycomachead@gmail.com): cycomachead
Password: 
Login Succeeded

thaJeztah commented 5 years ago

Unfortunately this is something to be addressed by the registry (Docker Hub), as the cli itself cannot make the assumption of whether e-mail is supported or not (other registries may support authenticating using e-mail).

I did open an internal ticket for this, to make the registry return a more useful error message.

cycomachead commented 5 years ago

Thanks! To be clear, the specific confusion that I wanted to highlight was that the docker CLI is looking to the Docker app and grabbing my email from there. (It was not suggested when I was not signed into the app.)

thaJeztah commented 5 years ago

Yes, that inconsistency is being looked into by the Desktop team.