Invalid redirect after session timeout using oidc

[tjvdmolen]

Describe the bug
When you are using a non-dex oidc configuration and your session times out your browser will redirect you to /auth/login instead of /login and you have to clear your cookies to get out of that redirect loop.

The redirect in question seems to be:

argo-cd/ui/src/app/app.tsx

Line 103 in 0ca4f74

window.location.href = `${basehref}/auth/login?return_url=${encodeURIComponent(location.href)}`;

To Reproduce

Setup argocd using a oidc provider without using dex, wait for your session to time out and trigger a call to the backend.

Expected behavior

When the session times out it should redirect to /login and the user shouldnt be stuck in a redirect loop

Version

argocd: v2.11.0+20fada8
  BuildDate: 2024-05-07T19:32:23Z
  GitCommit: 20fada836441ab22225d1253255fa11eeada876d
  GitTreeState: clean
  GoVersion: go1.22.1
  Compiler: gc
  Platform: linux/amd64

[rouke-broersma]

I think this might be specific to your setup because this works fine for me. /login is the login page and /auth/login is the oidc redirect.

In this sc you can see that the /login page 'login with SSO' button redirects to /auth/login:

I would guess that you haven't setup your redirect url correctly in your SSO provider or something similar which creates a redirect loop.