argoproj / argo-cd

Declarative Continuous Deployment for Kubernetes
https://argo-cd.readthedocs.io
Apache License 2.0

Google SSO with Dex not working when serving multiple replicas #15079

Open gratus-acuitymd opened 1 year ago

gratus-acuitymd commented 1 year ago

Describe the bug

We've set up Google SSO with Dex by adding the following to the configmap:

  dex.config: |
    connectors:
    - config:
        redirectURI: https://applicationurl/api/dex/callback
        clientID: client id
        clientSecret: secret
        serviceAccountFilePath: /tmp/oidc/googleAuth.json
        adminEmail: admin@our_actual_domain.com
      type: google
      id: google
      name: Google

After login, we just keep ending up at the login screen.

I found this StackOverflow question and followed the advice and scaled down to 1 replica. The login started working. As a test I scaled back up to 3 replicas, and it stopped working again.

Expected behavior

We should be able to have SSO and HA.

Version v2.8.0+804d4b8

rojspencer-e3 commented 11 months ago

Also why are secrets being stored in a configmap? Per the documentation https://argo-cd.readthedocs.io/en/stable/operator-manual/user-management/google/#configure-dex

gratus-acuitymd commented 11 months ago

@rojspencer-e3 there is a way around that: https://argo-cd.readthedocs.io/en/release-2.0/operator-manual/user-management/#sensitive-data-and-sso-client-secrets

You can use the argocd-secret to store any sensitive data. ArgoCD knows to check the keys under data in the argocd-secret secret for a corresponding key whenever a value in a configmap starts with $. This can be used to store things such as your clientSecret.
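
The `$` lookup described in the comment above can be checked before a ConfigMap is applied. The following is an added example, not code from this thread or from the Argo CD project: a line-based check that flags a `clientSecret` written inline in `dex.config` and a `$` reference that has no matching key in `argocd-secret`. The function name, the set of sensitive keys, the key name `dex.google.clientSecret` and the sample configs are constructed for illustration, and only the `argocd-secret` form described above is handled.

```python
import re

# Which keys count as sensitive is an assumption of this example.
SENSITIVE_KEYS = {"clientSecret"}
# Matches "key: value" lines, with or without a leading YAML list dash.
LINE = re.compile(r"^\s*(?:-\s+)?([A-Za-z_][\w.]*):\s*(.*?)\s*$")


def audit_dex_config(dex_config, secret_keys):
    """Return (lineno, key, problem) for every sensitive value that is not
    a $reference resolvable against the key names in argocd-secret."""
    findings = []
    for lineno, raw in enumerate(dex_config.splitlines(), start=1):
        line = raw.split(" #", 1)[0]  # drop trailing comments
        m = LINE.match(line)
        if not m or m.group(1) not in SENSITIVE_KEYS:
            continue
        key, value = m.group(1), m.group(2).strip("'\"")
        if not value.startswith("$"):
            findings.append((lineno, key, "inline secret in ConfigMap"))
        elif value[1:] not in secret_keys:
            findings.append((lineno, key, "no key %r in argocd-secret" % value[1:]))
    return findings


# Constructed sample: the dex.config body from the issue, secret inline.
INLINE = """\
connectors:
- config:
    redirectURI: https://applicationurl/api/dex/callback
    clientID: client id
    clientSecret: secret
  type: google
  id: google
  name: Google
"""
# Same config with the value moved behind a $ reference (key name constructed).
REFERENCED = INLINE.replace("clientSecret: secret",
                            "clientSecret: $dex.google.clientSecret")
# Key names found under data in argocd-secret (constructed).
SECRET_KEYS = {"dex.google.clientSecret"}

if __name__ == "__main__":
    for name, cfg in (("inline", INLINE), ("referenced", REFERENCED)):
        print(name, audit_dex_config(cfg, SECRET_KEYS))
```
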