rishabh625
commented
2 years ago looks like a temp issue, did u refresh and tried again?
Open jsoref opened 2 years ago
rishabh625
commented
2 years ago looks like a temp issue, did u refresh and tried again?
jsoref
commented
2 years ago I'm not interested in that. I want the error page changed.
Tarasovych
commented
2 years ago Still an issue
schmiman
commented
2 years ago Getting the same error using AWS Cognito with AWS SSO as SAML provider.
jsoref
commented
2 years ago Not entirely certain about the caller, it's one of these two: https://github.com/argoproj/argo-cd/blob/fd8ecf49b2ad2acc5227c8a899354e39a7b51ea1/util/oidc/oidc.go#L321-L342 https://github.com/argoproj/argo-cd/blob/fd8ecf49b2ad2acc5227c8a899354e39a7b51ea1/util/oidc/oidc.go#L422-L433
In any case, the fix would be to replace http.Error calls with something else....
Half a proposal:
Replace them with an http.Redirect call to the login page with a query parameter containing the error. (And have the login page check for the parameter and show a toast when it's present.)
Alternate proposal: add enough code so that http.Error can render a pretty page containing the error and a link to the login page.
I don't really have a particular preference between these two approaches. The advantage of retaining http.Error is that if a non web browser is trying to follow this flow, it would get to keep the error status. In terms of code, I suspect that the go code to make a pretty html page inside http.Error would be more painful than writing handling for the login page to show the toast. But I could be wrong on all points.
n0nvme
commented
1 year ago same problem with argocd v2.5.1 and gitlab as OIDC provider
ianchudson-caribou
commented
1 year ago We're seeing this currently with v2.5.4+86b2dde
To replicate I log out + clear cookies. Navigate to ArgoCD URL (argocd.domain.com) Click "Login with Auth0"
Error Displayed: failed to get token: oauth2: cannot fetch token: 401 Unauthorized Response: {"error":"access_denied","error_description":"Unauthorized"}
Refresh: data length is less than nonce size
If you then manually refresh to argocd.domain.com the page loads without issue.
Note: If you login via this URL: argocd.domain.com/login?return_url=https%3A%2F%2Fargocd.domain.com%2Fapplications everything seems to work.
SavaMihai
commented
10 months ago Same issue for me... I've configured ArgoCD with OIDC to log in via Azure AD and I'm getting the same error.
This method works for me:
Note:
If you login via this URL: argocd.domain.com/login?return_url=https%3A%2F%2Fargocd.domain.com%2Fapplications everything seems to work.
ilbarone87
commented
6 months ago Hello, are you still experiencing this issue? the workaround provided doesn't work for me as my main endpoint is already argocd.domain.com/login?return_url=https%3A%2F%2Fargocd.domain.com%2Fapplications
bhavicp
commented
5 months ago Experiencing this issue as well.
Raskosk
commented
4 months ago Same here with ArgoCD v2.11 and Keycloak V23
KiqoCode
commented
2 weeks ago Same issue here on v2.11.. Workaround does not work..
Checklist:
argocd version.Describe the bug
I was trying to visit argocd while it was upgrading from an older version after having not visited it in a bit.
I got the login page and clicked the button to log in via github
My browser was redirected to a top level page of the form:
The initial message had an error (I can't recall the error).
I tried reloading the page and then got a page with:
data length is less than nonce sizeTo Reproduce
Expected behavior
Ideally users would get a pretty error page with access to the various login buttons
Screenshots
Version
Logs