Docker's auth V2 (docs link above) is Oauth-ish, but doesn't seem to conform 100% to the specification. I started by just trying to stand up an OIDC endpoint to talk to docker and Keycloak threw a "Missing parameters: response_type" error. Turns out, Docker sends the GET request like this:
Not only is the request missing the request_typer paremeter, but Docker uses different nomenclature than the OAuth/OIDC standard. For instance, I would expect the 'service' param to appear as the client_id param to conform to the OAuth spec.
Since it uses different nomenclature, I thought it would be a much cleaner implementation to just implement it as its own protocol. Didn't want to muddy up a clean OIDC/OAuth implemention.