Picard carries state of being logged in to the MusicBrainz server. It retains this state even if the user changes the server address to a local MusicBrainz replica server (which does not allow logging in). The result is that what should be an innocuous action — clicking the "Tagger" button in a musicbrainz.org Release window to instruct Picard to open that Release from the local replica server — fails with an error message.

How to reproduce:

1. Set up a local replica MusicBrainz server using musicbrainz-docker, with data replication
2. Configure Picard 2.13.3 – Preferences – General – Server address: localhost, port: 5000, "[ ] submit data to the configured server" is *un*checked.
3. Configure Picard – Preferences – Genre – "[ ] Use genres from MusicBrainz" is *un*checked, and "[ ] Only use my genres" is unchecked and disabled.
4. Configure Picard – Preferences – Ratings – "[ ] Enable track ratings" is *un*checked.
5. Insert physical medium CD 13 of release/b8135d into CD Drive. (Bug may not be release-specific.)
6. Using Picard, perform a CD lookup, two incorrect releases found
7. Press [Submit disc ID] button. Musicbrainz.org web page appears. Find the correct release and position 13/122 of that release. Save the CD TOC to that medium. The Release page appears.
8. Press the green "Tagger" button on the Release page. In Picard, in the right-hand pane, a message "[loading album information]" appears.

Observed behaviour
1. Picard displays an alert dialogue, reading,

[?] Picard needs authorization to access your personal data on the MusicBrainz server. would you like to log in now? [No] [Yes]

2. If I click the "[Yes]" button, a web page appears, with the URL "http://localhost:5000/oauth2/authorize?response_type=code…", and a message,

Forbidden request

Sorry, you are unable to perform that action on a mirror server.

In order to log in or make changes to the database you must visit the main server at https://musicbrainz.org/.

Then the right-hand pane changes as below.
3. If I click the "[No]" button, the dialogue disappears, and the right-hand pane, the message "[loading album information]" changes to "[could not load album b8135d0a-f234-4e40-944a-c15fa41d73ec]".

Expected behaviour:
1. Picard does not ask to log in to a non-standard server.
2. Picard loads the album information for release/b8135d from the local server.

Discussion:

Forum thread, Picard “could not load album” with local replica, requires login discusses this issue. outsidecontext replied there,

[quote="outsidecontext, post:4, topic:813723"]
Being logged in to the main server is not actually useful. The only data that could be written back via API are ratings and collections. And both features won’t work if Picard is not able to get this personal data when fetching data. Hence logging out is actually the correct solution.

Picard could probably automatically log the user out when servers get switched. Also yes, we could make the collection feature optional as well.
[/quote]

Thus, I suggest the improvement that when the user changes the Preferences setting for the Server address, that Picard automatically logs the user out from the server.

An alternative is for Picard to allow two separate Oauth login states, one for the configured server address, and one for primary database on musicbrainz.org, if they are different.

In the thread, How do i authorize picard to local musicbrainz, the resolution was to uncheck Picard's "[ ] Only use my genres" and "[ ] Enable track ratings". They are unchecked for me.

In the thread, Picard asking for authorization when trying to load one specific release, the obstacle appeared to be that the target release had been merged into a Release with a different MBID, and Picard was not following the transition. However, a fix for that was added to Picard in 2019. In this case, there is one Release merge edit in this Release's history, edit #59316403, but it is merging this MBID into the same MBID.

In the Picard log, I see the following error messages,

I: 17:35:30,238 browser/browser.log_message:172: "GET /openalbum?id=b8135d0a-f234-4e40-944a-c15fa41d73ec HTTP/1.1" 200 -
E: 17:35:30,432 webservice._handle_reply:535: Network request error for http://localhost:5000/oauth2/token -> Error transferring http://localhost:5000/oauth2/token - server replied: Bad Request (QT code 302, HTTP code 400)
E: 17:35:30,433 oauth.on_refresh_access_token_finished:301: OAuth: access_token refresh failed: b'
Unknown macro: {"error_description"}
'
E: 17:35:33,735 webservice._handle_reply:535: Network request error for http://localhost:5000/ws/2/release/b8135d0a-f234-4e40-944a-c15fa41d73ec?inc=aliases%2Bannotation%2Bartist-credits%2Bartist-rels%2Bartists%2Bcollections%2Bdiscids%2Bisrcs%2Blabels%2Bmedia%2Brecording-level-rels%2Brecording-rels%2Brecordings%2Brelease-group-level-rels%2Brelease-groups%2Brelease-rels%2Bseries-rels%2Burl-rels%2Buser-collections%2Bwork-level-rels%2Bwork-rels -> Host requires authentication (QT code 204, HTTP code 401)
E: 17:35:33,736 ui/item.error_append:108: <Album b8135d0a-f234-4e40-944a-c15fa41d73ec ''>: Host requires authentication

I notice that the request includes "%2Buser-collections". The server code returns an error is the user makes this request without being logged in.