Open ptr1120 opened 2 weeks ago
So the expected redirect url should be https://mycompany.org/infra/argocd/pkce/verify
instead of https://mycompany.org/pkce/verify
?
Exactly, it schould be https://mycompany.org/infra/argocd/pkce/verify
Thanks @ptr1120 , normally if you navigate through pages does that prefix /infra/argocd
is preserved in your browser URL?
Yes @Marvin9 it is preserved in my browser Url but window.location.origin
seems to be only about the host part of the Url. See also
Alright thanks. Then the only problem to solve is to discover the root URL in browser and then we can pass to the function mentioned in the issue. I will look into this once I get time.
thanks @Marvin9
Checklist:
argocd version
.Describe the bug
I'm hosting ArgoCD at a custom base path (
mycompany.org/infra/argocd
) and using Keycloak as an external IdP. The configuration functions as expected until I enable PKCE (Proof Key for Code Exchange). Specifically, when enablePKCEAuthentication is set to true in theargocd-cm
config map, the ArgoCD frontend incorrectly useswindow.location.origin
as the redirect URL, as demonstrated in thegetPKCERedirectURI
function located in utils.ts.To Reproduce
Login via Keycloak
buttonExpected behavior
ArgoCD should respect one of the configured parameters (
server.rootpath
,server.basehref
, orurl
from theargocd-cm
orargocd-cmd-params-cm
config map) to determine the correct base URL for redirects.Version