Closed ViggoV closed 2 hours ago
Hey @ViggoV ,
according to the logs, when you start Docker Desktop and get logged out, the reason is because there is no network connectivity to https://hub.docker.com/api/content/v1/entitlement/...
.
Would you mind trying to reproduce the bug but not when the computer starts? (ie: when you have fully working network connectivity)
Also, there are 2 ways of enforcing SignIn by administrators. You can checks these files on your laptop:
/Library/Application Support/com.docker.docker/registry.json
/Library/Application Support/com.docker.docker/desktop.plist
If one of these files is present on your filesystem, then your admin is enforcing SignIn with an account belonging to your organization.@jpbriend Neither of those files exist
As mentioned in the original post I cannot replicate it when signing out and in while the machine is on. It only happens when I boot up, and only occasionally (presumably when my login token expires). Since you mention network connectivity I suspect our Cloudflare Warp setup is part of the problem. It tends to cause some "no internet" issues now and again, but it is still a bug that Docker insists that I'm required to sign in.
Also, I rarely need to be signed in, since all of our private images are build in CI and never used locally. It seems counterproductive for security to force sign in, as it means the computer always have access to the private repository should in fall into wrong hands.. But i digress
Docker Desktop has a mechanism to handle network issues at startup (the most common use-case is the computer starts Docker Desktop so fast that wifi does not yet have time to connect): it retries to automatically sign-in the user every 10 seconds. Having your login token expire should be quite rare because we use an access_token (TTL a few minutes) and a refresh_token (many days). IIRC the refresh_token expires after 30 days if not used or after 90 days if used. That would mean if you use Docker Desktop at least once a month, you should be asked to sign-in again 90 days after your previous sign-in. But it seems to be more often in your case, am I right?
Except these 2 files present on the file system, only enabled Business features (such as Enhanced Container Isolation) can require you to sign in. According to the diagnostic, you did not enabled this feature. To me it looks like a bug where the sign-in enforcement mechanism is triggered when it shouldn't. The tricky part is now going to be able to reproduce the bug.
Whenever the bug occurs again, would you mind generating a new diagnostic as soon as sign-in is enforced? (don't sign-in again, you can generate a diagnostic using CLI even if Docker Desktop is waiting for you to sign-in: https://docs.docker.com/desktop/troubleshoot/#diagnose-from-the-terminal#mac)
I'll try to remember it, but it is quite rare that I find myself logged out. 30 days sounds about right. I almost never use the desktop app as I prefer CLI, and I also almost never push or pull from the private repository. Might that be a factor?
@ViggoV I found the bug, I'm working on a fix.
It will not get into 4.35
but definitively in 4.36
.
Wonderful! Thanks for your help
Description
Every so often when i turn on my laptop Docker signs me out, and then tells me than signin is required by my admin. My admin has not set any such restrictions and, as far as I can tell, should not have any authority over my local docker installation, since my account is not owned by the Organization, but is only a member.
Reproduce
I am not sure exactly what goes wrong but these are the conditions under which I experience the bug:
Note: the issue does not occur if I sign out manually
Expected behavior
Docker desktop should launch normally, optionally letting me know that I'm signed out. Ideally only notify me if and when I am trying to pull from a private repository.
docker version
docker info
Diagnostics ID
C143C871-FDEA-4805-A439-17B7216786F5/20240924080540
Additional Info
No response