Improve error message if the user is not logged in

Previously the error message prompted the user to `docker login`, but this will not work if - 2FA is required - SSO is enabled with enfocement on Docker Hub, see https://docs.docker.com/single-sign-on/#enforce-sso-in-docker-hub The most reliable way to login is through the Docker Desktop UI, since the SSO/2FA flows are all handled automatically (via the web browser) Try to improve the error message by explaining the options. Signed-off-by: David Scott <[email protected]>
docker · Jul 1, 2022 · 497ccc0 · 497ccc0
1 parent 5a67dc4
commit 497ccc0
Showing 1 changed file with 9 additions and 2 deletions.
diff --git a/internal/provider/provider.go b/internal/provider/provider.go
@@ -186,8 +186,15 @@ func WithExperimental() Ops {
 
 func getToken(opts Options) (string, error) {
 	if opts.auth.Username == "" {
-		return "", fmt.Errorf(`You need to be logged in to Docker Hub to use scan feature.
-please login to Docker Hub using the Docker Login command`)
+		return "", fmt.Errorf(`You need to be logged in to Docker Hub to use the scan feature.
+
+If you are not using Docker Desktop, either
+- use the "docker login" CLI command with a username and password. Note this will not work if
+  2FA is required or if SSO enforcement is enabled on Docker Hub; or
+- use the "docker login" CLI command with a username and Personal Access Token. This requires
+  a token to be generated in advance.
+
+If you are using Docker Desktop: login via the UI or whale menu`)
 	}
 	h := hub.GetInstance()
 	jwks, err := h.FetchJwks()