strapi / strapi

🚀 Strapi is the leading open-source headless CMS. It’s 100% JavaScript/TypeScript, fully customizable and developer-first.
https://strapi.io

Enterprise SSO will not redirect properly and allow users to login #20219

Open derrickmehaffy opened 2 weeks ago

derrickmehaffy commented 2 weeks ago

Bug report

Required System information

Strapi report info:

$ strapi report --all
Launched In: 282 ms
Environment: development
OS: linux-x64
Strapi Version: 4.24.0
Node/Yarn Version: yarn/1.22.22 npm/? node/v20.11.1 linux x64
Edition: Enterprise
Database: sqlite
UUID: 02f807bc-204f-43ae-963d-8b3be826d65d
Dependencies: {
  "@strapi/plugin-cloud": "4.24.0",
  "@strapi/plugin-i18n": "4.24.0",
  "@strapi/plugin-users-permissions": "4.24.0",
  "@strapi/strapi": "4.24.0",
  "better-sqlite3": "8.6.0",
  "passport-discord": "^0.1.4",
  "react": "^18.0.0",
  "react-dom": "^18.0.0",
  "react-router-dom": "5.3.4",
  "styled-components": "5.3.3"
}
Dev Dependencies: {}

Describe the bug

Redirects on the admin auth page are broken, causing the error page not to show and/or no redirect after a successful login. Refreshing the page after a successful login does not work either. Effectively, SSO is completely broken for most users; it randomly works for a few others after several tries.

Steps to reproduce the behavior

  1. Configure SSO with any provider
  2. Enable SSO
  3. Try to login with SSO
  4. See error

Reproduction video:

https://www.loom.com/share/0e77ba46bfee4805921a8b6c15795a59?sid=3bf8cd13-8985-4510-9cc6-e147e65a3579

Expected behavior

Should allow login or show the error page, and handle redirects properly.

Screenshots

N/A

Code snippets

// path: ./config/admin.js

const DiscordStrategy = require("passport-discord");

module.exports = ({ env }) => ({
  auth: {
    secret: env("ADMIN_JWT_SECRET"),
    providers: [
      {
        uid: "discord",
        displayName: "Discord",
        icon: "https://cdn0.iconfinder.com/data/icons/free-social-media-set/24/discord-512.png",
        createStrategy: (strapi) =>
          new DiscordStrategy(
            {
              clientID: env("DISCORD_CLIENT_ID"),
              clientSecret: env("DISCORD_SECRET"),
              callbackURL:
                strapi.admin.services.passport.getStrategyCallbackURL(
                  "discord"
                ),
              scope: ["identify", "email"],
            },
            (accessToken, refreshToken, profile, done) => {
              done(null, {
                email: profile.email,
                username: `${profile.username}#${profile.discriminator}`,
              });
            }
          ),
      },
    ],
  },
  apiToken: {
    salt: env("API_TOKEN_SALT"),
  },
  transfer: {
    token: {
      salt: env("TRANSFER_TOKEN_SALT"),
    },
  },
  flags: {
    nps: env.bool("FLAG_NPS", false),
    promoteEE: env.bool("FLAG_PROMOTE_EE", false),
  },
});

// path: ./config/middlewares.js

module.exports = [
  "strapi::logger",
  "strapi::errors",
  {
    name: "strapi::security",
    config: {
      contentSecurityPolicy: {
        useDefaults: true,
        directives: {
          "connect-src": ["'self'", "https:"],
          "img-src": [
            "'self'",
            "data:",
            "blob:",
            "market-assets.strapi.io",
            "cdn0.iconfinder.com",
          ],
          "media-src": [
            "'self'",
            "data:",
            "blob:",
            "market-assets.strapi.io",
            "upload.wikimedia.org",
            "cdn0.iconfinder.com",
          ],
          upgradeInsecureRequests: null,
        },
      },
    },
  },
  "strapi::cors",
  "strapi::poweredBy",
  "strapi::query",
  "strapi::body",
  "strapi::session",
  "strapi::favicon",
  "strapi::public",
];

Additional context

Related to ticket ID 6597; this would normally be high priority but was raised to critical as part of the escalation process.
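As an added example that is not part of the issue or Strapi's own code: the verify callback in the `./config/admin.js` snippet above hands `profile.email` straight to Strapi, so a stricter callback that rejects profiles with a missing, non-allow-listed or unverified email is shown here. It assumes the `(accessToken, refreshToken, profile, done)` callback shape from the issue's config, a constructed domain allow-list, and that `profile.verified` carries Discord's email-verified flag (an assumption about passport-discord's profile mapping).

```javascript
// Added example, not from the issue: a stricter verify callback for the
// passport-discord strategy configured in ./config/admin.js.
const ALLOWED_EMAIL_DOMAINS = ["example.com"]; // constructed sample allow-list

// True only for a syntactically plausible address whose domain is allow-listed.
function isAllowedEmail(email, allowedDomains) {
  if (typeof email !== "string") return false;
  const at = email.lastIndexOf("@");
  if (at <= 0 || at === email.length - 1) return false;
  const domain = email.slice(at + 1).toLowerCase();
  return allowedDomains.some((d) => d.toLowerCase() === domain);
}

// Maps a Discord profile to the user object the admin expects, or returns null
// when the profile must be rejected. Pure, so it can be tested without passport.
function mapDiscordProfile(profile, allowedDomains) {
  if (!profile || !isAllowedEmail(profile.email, allowedDomains)) return null;
  // Assumption: profile.verified is Discord's "email verified" flag.
  if (profile.verified !== true) return null;
  return {
    email: profile.email.toLowerCase(),
    username: `${profile.username}#${profile.discriminator}`,
  };
}

// Drop-in replacement for the inline callback in the issue's createStrategy.
function discordVerify(accessToken, refreshToken, profile, done) {
  const user = mapDiscordProfile(profile, ALLOWED_EMAIL_DOMAINS);
  if (!user) {
    // Passport convention: no error and no user means "authentication failed",
    // which lets Strapi render its error page instead of throwing.
    return done(null, false);
  }
  return done(null, user);
}

module.exports = { ALLOWED_EMAIL_DOMAINS, isAllowedEmail, mapDiscordProfile, discordVerify };
```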