Argo-cd: Redirect by dex fails with this command, "argocd login xxx.xxxx.com --sso"

Created on 21 Dec 2020  路  3Comments  路  Source: argoproj/argo-cd

If you are trying to resolve an environment-specific issue or have a one-off question about the edge case that does not require a feature then please consider asking a question in argocd slack channel.

Checklist:

  • [x] I've searched in the docs and FAQ for my answer: https://bit.ly/argocd-faq.
  • [x] I've included steps to reproduce the bug.
  • [x] I've pasted the output of argocd version.

Describe the bug

I upgraded dex from v2.22.0 to v2.27.0.
Then, sso login through argocd cli failed and got the following error massage on my browser

Bad Request
Unregistered redirect_uri("http://localhost:8085/auth/callback")

To Reproduce

Run argocd v1.7.7 deployment
Run dex v2.27.0 deployment

Run the following command, argocd login xxx.xxxx.com --sso with argocd client v1.7.7

Expected behavior

The login should be successful with dex v2.27.0 as well as dex v2.22.0

Screenshots

If applicable, add screenshots to help explain your problem.

Version

% argocd version                                                                                  :~
argocd: v1.7.7+33c93ae
  BuildDate: 2020-09-29T04:54:55Z
  GitCommit: 33c93aea0b9ee3d02fb9703cd82cecce3540e954
  GitTreeState: clean
  GoVersion: go1.14.1
  Compiler: gc
  Platform: linux/amd64
argocd-server: v1.7.7+unknown
  BuildDate: 2020-11-06T06:53:17Z
  GitCommit:
  GitTreeState: clean
  GoVersion: go1.14.10
  Compiler: gc
  Platform: linux/amd64
  Ksonnet Version: unable to determine ksonnet version: exec: "ks": executable file not found in $PATH
  Kustomize Version: {Version:kustomize/v3.7.0 GitCommit:42d1f7b792a80af34828ec4c89af99e1043351a7 BuildDate:2020-07-04T19:15:46Z GoOs:linux GoArch:amd64}
  Helm Version: could not get helm version: exec: "helm": executable file not found in $PATH
  Kubectl Version: v1.18.9

Logs

@ dex contiainer

time="2020-12-21T01:51:47Z" level=error msg="Failed to parse authorization request: Unregistered redirect_uri (\"http://localhost:8085/auth/callback\")."
time="2020-12-21T01:52:01Z" level=error msg="Failed to parse authorization request: Unregistered redirect_uri (\"http://localhost:8085/auth/callback\")."
...

Our argocd configuration is here

bug high major workaround
Source
picture binoue

All 3 comments

This change, which is applied to dex v2.26.0 and v2.27.0, might be causing this issue.

binoue picture binoue on 21 Dec 2020

Thanks, I could successfully reproduce it. We have updates to Dex 2.27.0 in the queue (already committed, waiting to be released), so this catch is very valuable.

jannfis picture jannfis on 21 Dec 2020
👍1

I had this issue as well and solved it by adding a custom staticClient which adds the port to the redirect URI.

Related code for this is found here:

https://github.com/argoproj/argo-cd/blob/1734b46f71209589cf4177f7fe72e19769782f4e/util/dex/config.go#L55

Might be updatable like this:

-           "http://localhost",
+           "http://localhost:8085",

I solved it currently in my configuration using:

    dex.config: |
      # see https://github.com/argoproj/argo-cd/issues/5094
      staticClients:
      - id: "argo-cd-cli"
        name: "Argo CD CLI"
        redirectURIs: ["http://localhost:8085/auth/callback"]
        public: true
mweibel picture mweibel on 21 Dec 2020
1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

rosscdh picture rosscdh  路  3Comments
duboisf picture duboisf  路  3Comments
alexec picture alexec  路  3Comments
haf picture haf  路  3Comments
estahn picture estahn  路  3Comments