argo-cd: Azure not supported for WebUI PKCE Auth Code Flow
Describe the bug
In the upcoming v2.10.0-rc1 release, @Marvin9 added support for using authorization code flow with PKCE in the webUI, which is lovely. ❤️
Unfortunately, Azure is non-compliant with the RFC8414 standard because the /.well-known/openid-configuration endpoint is missing the code_challenge_methods_supported property.
The ArgoCD login flow is stopped by the check for that specific property here:
https://github.com/argoproj/argo-cd/blob/3224102664b747e88e7330e59b3b44bc9c28cd66/ui/src/app/login/components/utils.ts#L76-L80
Other projects seem to have the same issue, like kubelogin.
This was brought to the attention of Microsoft in January 2021 and I do not think that they intend to do anything about it.
Proposal
Maybe have a setting, something like forcePKCECodeChallengeMethod: S256, that would skip the code_challenge_methods_supported property check, or just skipPKCECodeChallengeMethod: true?
About this issue
- State: open
- Created 6 months ago
- Comments: 15 (8 by maintainers)
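A sketch of the proposal above, as an added example that is not Argo CD code and not part of the original issue: the client picks the PKCE method from the discovery document and only falls back to an operator override when the property is absent. The setting name forcePKCECodeChallengeMethod is the hypothetical one proposed in this issue, and the metadata objects are constructed samples.

```typescript
// Added example, not Argo CD code. `forcePKCECodeChallengeMethod` is the
// setting proposed in this issue; it is hypothetical here.
type PkceMethod = "S256" | "plain";

interface ProviderMetadata {
  issuer: string;
  authorization_endpoint: string;
  // RFC 8414 marks this field OPTIONAL; when omitted, the RFC says the
  // server does not support PKCE, so a strict client stops here.
  code_challenge_methods_supported?: string[];
}

interface PkceSettings { forcePKCECodeChallengeMethod?: PkceMethod }

interface PkceDecision {
  method: PkceMethod | null; // null means: do not start the login flow
  source: "discovery" | "forced" | "none";
  reason: string;
}

function choosePkceMethod(meta: ProviderMetadata, settings: PkceSettings = {}): PkceDecision {
  const advertised = meta.code_challenge_methods_supported;
  const forced = settings.forcePKCECodeChallengeMethod;
  if (Array.isArray(advertised) && advertised.length > 0) {
    // The provider published its methods: trust that list over any override.
    if (advertised.indexOf("S256") !== -1) {
      return { method: "S256", source: "discovery", reason: "S256 advertised" };
    }
    return { method: null, source: "none", reason: "S256 not advertised; refusing to downgrade" };
  }
  // Property absent or empty: the case this issue describes.
  if (forced === "S256") return { method: "S256", source: "forced", reason: "operator override" };
  if (forced === "plain") return { method: null, source: "none", reason: "plain must not be forced" };
  return { method: null, source: "none", reason: "code_challenge_methods_supported missing" };
}

// Constructed sample documents (not captured from a real provider).
const compliantMeta: ProviderMetadata = {
  issuer: "https://idp.example.test",
  authorization_endpoint: "https://idp.example.test/authorize",
  code_challenge_methods_supported: ["plain", "S256"],
};
const missingFieldMeta: ProviderMetadata = {
  issuer: "https://login.example.test/tenant/v2.0",
  authorization_endpoint: "https://login.example.test/tenant/oauth2/v2.0/authorize",
};
```

The override is consulted only when the provider publishes no list, so a provider that advertises only plain is never upgraded or downgraded by configuration.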
tl;dr I think either code_challenge_methods_supported property