docker / hub-feedback

Feedback and bug reports for the Docker Hub
https://hub.docker.com

docker login no longer working with personal access token #2285

Closed aldobongio closed 1 year ago

aldobongio commented 1 year ago

Hello, today suddenly performing a docker login from the shell (Windows 11 PowerShell) using a personal access token as password doesn't work. Switching to the real account password the login works.

This is the output:

docker login
Login with your Docker ID to push and pull images from Docker Hub. If you don't have a Docker ID, head over to https://hub.docker.com to create one.
Username: <REDACTED>
Password: <A PERSONAL ACCESS TOKEN>
Error saving credentials: error storing credentials - err: exit status 1, out: `getting entitlement: request to https://accounts-api.s.us-east-1.aws.dckr.io/v2/users/<REDACTED>/orgs/?page_size=2147483647 failed with status 403: {"message":"access is forbidden with a JWT issued from a personal access token","errinfo":{}}`

docker login
Login with your Docker ID to push and pull images from Docker Hub. If you don't have a Docker ID, head over to https://hub.docker.com to create one.
Username: <REDACTED>
Password: <THE REAL USER PASSWORD>
Login Succeeded

SenseiMarv commented 1 year ago

I can also reproduce this on macOS with ZSH. docker version:

Client:
 Cloud integration: v1.0.29
 Version:           20.10.20
 API version:       1.41
 Go version:        go1.18.7
 Git commit:        9fdeb9c
 Built:             Tue Oct 18 18:20:35 2022
 OS/Arch:           darwin/arm64
 Context:           desktop-linux
 Experimental:      true

Server: Docker Desktop 4.13.1 (90346)
 Engine:
  Version:          20.10.20
  API version:      1.41 (minimum version 1.12)
  Go version:       go1.18.7
  Git commit:       03df974
  Built:            Tue Oct 18 18:18:16 2022
  OS/Arch:          linux/arm64
  Experimental:     false
 containerd:
  Version:          1.6.8
  GitCommit:        9cd3357b7fd7218e4aec3eae239db1f68a5a6ec6
 runc:
  Version:          1.1.4
  GitCommit:        v1.1.4-0-g5fd4c4d
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

A workaround, for now, is to edit ~/.docker/config.json and docker login again:

{
    "auths": {
        "https://index.docker.io/v1/": {}
    },
-   "credsStore": "desktop",
    "currentContext": "desktop-linux"
}

This has the following implications though:
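
Added example, not part of the thread and not Docker's own code: with no credsStore or credHelpers configured, the Docker CLI writes the login into config.json as a base64-encoded `user:secret` string under `auths`. The sketch below audits a config for such inline entries without printing the secret; the function name, sample configs, username and token are constructed for illustration.

```python
import base64
import binascii
import json

INDEX = "https://index.docker.io/v1/"

# Constructed sample: the config before the workaround (secret kept by the helper).
BEFORE = json.dumps({"auths": {INDEX: {}}, "credsStore": "desktop",
                     "currentContext": "desktop-linux"})

# Constructed sample: credsStore removed, then `docker login` run again.
# The username and token are placeholders, not real credentials.
_INLINE = base64.b64encode(b"exampleuser:constructed-token-not-real").decode()
AFTER = json.dumps({"auths": {INDEX: {"auth": _INLINE}},
                    "currentContext": "desktop-linux"})


def audit_docker_config(text):
    """Report, per registry, where the Docker CLI keeps the login secret."""
    cfg = json.loads(text)
    store = cfg.get("credsStore")
    helpers = cfg.get("credHelpers", {})
    findings = []
    for registry, entry in cfg.get("auths", {}).items():
        user = None
        if entry.get("auth"):
            # Inline entry: base64("user:secret"), readable by anyone who can read the file.
            storage = "inline"
            try:
                decoded = base64.b64decode(entry["auth"], validate=True)
                user = decoded.decode("utf-8", "replace").split(":", 1)[0]
            except (binascii.Error, ValueError):
                user = "<undecodable>"
        elif registry in helpers:
            storage = "helper:" + helpers[registry]
        elif store:
            storage = "store:" + store
        else:
            storage = "none"
        findings.append({"registry": registry, "storage": storage, "user": user})
    return findings


if __name__ == "__main__":
    for label, sample in (("before", BEFORE), ("after", AFTER)):
        for f in audit_docker_config(sample):
            print(label, f["registry"], f["storage"], f["user"] or "-")
```

An `inline` finding means the token or password sits in the file itself, so the file's permissions and any backups or dotfile syncs that include it matter.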

ingshtrom commented 1 year ago

Thank you for the report and I am sorry to hear about these issues you are running into. 😞

As an immediate workaround, you can also specify the registry you want to log in to with docker login registry-1.docker.io rather than only docker login--this will bypass the issue you are experiencing.


In order to get docker login working again, we might need to debug things a bit more...

This might sound weird, but could you try clearing your system-level DNS cache?

We deployed a bad networking configuration and we have seen flushing DNS caches to help in some scenarios. The bad configuration has been rolled back, but clients seem to have the HTTP response cached at a system level.

Please, let us know if this helped or did not. Thank you for the report.

aldobongio commented 1 year ago

I confirm that the login with the explicit server registry-1.docker.io works. Without the explicit server it still doesn't work, even after flushing the DNS.

DrizzlyOwl commented 1 year ago

Ran into the exact same issue this morning. Flushing DNS cache didn't help but specifying the server registry-1.docker.io was successful.

Valgard commented 1 year ago

Ran into the same issue. Additionally, the Docker Desktop app shows a dialog with

Login rejected
getting entitlement: request to https://accounts-api.s.us-east-1.aws.dckr.io/v2/users/valgard/orgs/?page_size=2147483647 failed with status 403: {"message":"access is forbidden with a JWT issued from a personal access token","errinfo":{}}

and then I'm logged out.

Login with the server registry-1.docker.io specified was successful.

2FA is active in my account.


macOS with ZSH

Client:
 Cloud integration: v1.0.29
 Version:           20.10.20
 API version:       1.41
 Go version:        go1.18.7
 Git commit:        9fdeb9c
 Built:             Tue Oct 18 18:20:35 2022
 OS/Arch:           darwin/amd64
 Context:           default
 Experimental:      true

Server: Docker Desktop 4.13.1 (90346)
 Engine:
  Version:          20.10.20
  API version:      1.41 (minimum version 1.12)
  Go version:       go1.18.7
  Git commit:       03df974
  Built:            Tue Oct 18 18:18:35 2022
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.6.8
  GitCommit:        9cd3357b7fd7218e4aec3eae239db1f68a5a6ec6
 runc:
  Version:          1.1.4
  GitCommit:        v1.1.4-0-g5fd4c4d
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

stefanbratko commented 1 year ago

Hi, I can confirm that the login is working with the workaround, but unfortunately I cannot pull any images from our repository. If I log in via user and password it works but not with the personal access token. It always prompts "repository does not exist or may require 'docker login': denied: requested access to the resource is denied".

Is there also a fix for this issue?

ingshtrom commented 1 year ago

We believe we have found another problem today as we continue to investigate. The Docker Status page has been updated to reflect the current incident. You can follow along there--we apologize for the inconvenience. We are working on getting a fix rolled out right now.

ingshtrom commented 1 year ago

This issue is being marked as resolved soon. Please comment back on whether things are fixed for you as well.

Thank you!

aldobongio commented 1 year ago

It works, thanks!