When Argo is using a custom --rootpath (ex: /argocd) and using Dex for SSO, OIDC tokens created on successful login are immediately marked invalid session: oidc: id token issued by a different provider ... expected /argo/api/dex got /api/dex
To Reproduce
Deploy ArgoCD with a custom rootpath. Configure SSO login using dex.config. Example:
dex.config: |
connectors:
- config:
redirectURI: https://www.mywebsite.com/argocd/api/dex/callback
clientID: $argo-google-oidc-client:dex.google.clientID
clientSecret: $argo-google-oidc-client:dex.google.clientSecret
serviceAccountFilePath: /tmp/oidc/googleAuth.json
adminEmail: admin@mycompany.com
type: google
id: google
name: Google
Upon login you will be immediately logged out.
Expected behavior
I should be able to log in normally and access my groups information from my OIDC provider.
Checklist:
argocd version
.Describe the bug
When Argo is using a custom
--rootpath
(ex:/argocd
) and using Dex for SSO, OIDC tokens created on successful login are immediately markedinvalid session: oidc: id token issued by a different provider
...expected /argo/api/dex got /api/dex
To Reproduce
Deploy ArgoCD with a custom
rootpath
. Configure SSO login usingdex.config
. Example:Upon login you will be immediately logged out.
Expected behavior
I should be able to log in normally and access my groups information from my OIDC provider.
Version
Logs
argocd-dex-server
logsargocd-server
logs