From c3fe7bc336c121ffaec721f1c763fe69ae777611 Mon Sep 17 00:00:00 2001
From: Laura Brehm <laurabrehm@hey.com>
Date: Tue, 13 Aug 2024 13:54:16 +0100
Subject: [PATCH] fallback to regular login if oauth login fails to start

Signed-off-by: Laura Brehm <laurabrehm@hey.com>
---
 cli/command/registry/login.go         | 12 +++++++++---
 cli/internal/oauth/manager/manager.go |  9 +++++++--
 2 files changed, 16 insertions(+), 5 deletions(-)

diff --git a/cli/command/registry/login.go b/cli/command/registry/login.go
index b0084fa07f98..82204bab8406 100644
--- a/cli/command/registry/login.go
+++ b/cli/command/registry/login.go
@@ -144,10 +144,16 @@ func loginWithStoredCredentials(ctx context.Context, dockerCli command.Cli, auth
 func loginUser(ctx context.Context, dockerCli command.Cli, opts loginOptions, defaultUsername, serverAddress string) (*registrytypes.AuthenticateOKBody, error) {
 	// If we're logging into the index server and the user didn't provide a username or password, use the device flow
 	if serverAddress == registry.IndexServer && opts.user == "" && opts.password == "" {
-		return loginWithDeviceCodeFlow(ctx, dockerCli)
-	} else {
-		return loginWithUsernameAndPassword(ctx, dockerCli, opts, defaultUsername, serverAddress)
+		response, err := loginWithDeviceCodeFlow(ctx, dockerCli)
+		// if the error represents a failure to initiate the device-code flow,
+		// then we fallback to regular cli credentials login
+		if !errors.Is(err, manager.ErrDeviceLoginStartFail) {
+			return response, err
+		}
+		fmt.Fprint(dockerCli.Err(), "Failed to start web-based login - falling back to command line login...\n\n")
 	}
+
+	return loginWithUsernameAndPassword(ctx, dockerCli, opts, defaultUsername, serverAddress)
 }
 
 func loginWithUsernameAndPassword(ctx context.Context, dockerCli command.Cli, opts loginOptions, defaultUsername, serverAddress string) (*registrytypes.AuthenticateOKBody, error) {
diff --git a/cli/internal/oauth/manager/manager.go b/cli/internal/oauth/manager/manager.go
index 2dce3a4647aa..a39612a2a4be 100644
--- a/cli/internal/oauth/manager/manager.go
+++ b/cli/internal/oauth/manager/manager.go
@@ -15,6 +15,7 @@ import (
 	"github.com/docker/cli/cli/internal/oauth/api"
 	"github.com/docker/docker/registry"
 	"github.com/morikuni/aec"
+	"github.com/sirupsen/logrus"
 
 	"github.com/pkg/browser"
 )
@@ -70,6 +71,8 @@ func New(options OAuthManagerOptions) *OAuthManager {
 	}
 }
 
+var ErrDeviceLoginStartFail = errors.New("failed to start device code flow login")
+
 // LoginDevice launches the device authentication flow with the tenant,
 // printing instructions to the provided writer and attempting to open the
 // browser for the user to authenticate.
@@ -80,11 +83,13 @@ func New(options OAuthManagerOptions) *OAuthManager {
 func (m *OAuthManager) LoginDevice(ctx context.Context, w io.Writer) (*types.AuthConfig, error) {
 	state, err := m.api.GetDeviceCode(ctx, m.audience)
 	if err != nil {
-		return nil, fmt.Errorf("failed to get device code: %w", err)
+		logrus.Debugf("failed to start device code login: %v", err)
+		return nil, ErrDeviceLoginStartFail
 	}
 
 	if state.UserCode == "" {
-		return nil, errors.New("no user code returned")
+		logrus.Debugf("failed to start device code login: missing user code")
+		return nil, ErrDeviceLoginStartFail
 	}
 
 	_, _ = fmt.Fprintln(w, aec.Bold.Apply("\nUSING WEB BASED LOGIN"))