"Sorry, something went wrong cannot authenticate to snap store ..." without any way to fix

Thank you for your bug report. I've the same issue on my artful and I'm unsure there is any graphical UI to re-enter credential at the moment?

The "Provided email/password is not correct." part of the error message appears to be coming through straight from the store. This most likely means you logged in to gnome-software using Ubuntu One credentials at some point in the past, and the credentials snapd has stored are no longer valid.

It might be possible to reproduce this by logging in in gnome-software (currently possible by cancelling the polkit dialog), stopping snapd, editing /var/lib/snapd/state.json to tamper with the store-macaroon value and starting snapd again. I'll need to verify if this happens.

The "Sorry, something went wrong" comes from gnome-software itself, and indicates that the error could not be classified as one of the GS_PLUGIN_ERROR_* error codes. The code in gnome-software's snap plugin specifically checks for various authentication related error conditions (SNAPD_ERROR_AUTH_DATA_REQUIRED and SNAPD_ERROR_AUTH_DATA_REQUIRED in particular), but that clearly isn't being hit.

So I think there are two possibilities here:

 1. libsnapd-glib isn't returning the correct error type for this case
 2. snapd isn't providing enough info to libsnapd-glib to decode the error

Robert, could you have a look?

So further investigation, the "cannot authenticate to snap store: " part of the error is only added by snapd for an unexpected error:

    https://github.com/snapcore/snapd/blob/master/store/auth.go#L190-L204

I believe this is being called via the refreshDischarges() method, intended to keep the store macaroon up to date. This is called by any snapd API that talks to the store, so it isn't surprising we'd hit it during gnome-software start up.

I wonder if changing your Ubuntu One password would be enough for the store to refuse to refresh the macaroon?

So it looks like the fix probably requires the following:

 1. snapd to handle the INVALID_CREDENTIALS response from the store and produce an error response that snapd-glib can distinguish.

 2. snapd-glib to handle this error case and map it to one of its error codes (either a new one, or fold it into invalid-auth-data?)

 3. if snapd-glib produces a new error code, for gnome-software's snap plugin to map this to an appropriate error code.

The end result should be for gnome-software to call the /v2/login end point again, probably passing its existing macaroon so it updates the existing snapd user rather than creating another (i.e. what would happen to paid snaps for a discarded snapd user ID when it comes time to refresh?). I'll follow up with the snappy team to verify that this is the way forward.

Discussion started here:

https://forum.snapcraft.io/t/handling-invalid-credentials/2526

Yep. There is code to prevent refreshing the macaroon if the user has changed their password since it was created:

http://bazaar.launchpad.net/~canonical-isd-hackers/canonical-identity-provider/trunk/view/head:/src/identityprovider/auth.py#L661

This should help in reproducing the bug.

Snapd side changes:

https://github.com/snapcore/snapd/pull/4061

It looks like snapd-glib might need a change too, since it looks like this will still be mapped to SNAPD_ERROR_FAILED in parse_result() (I think falling back to treating 401 as SNAPD_AUTH_DATA_REQUIRED will do).

The snapd side change got merged.