rastiehaiev opened a new issue, #2895:
URL: https://github.com/apache/apisix-dashboard/issues/2895

   ### Issue description
   
   I'm using the `3.0.0-alpine` tag of the apisix-dashboard Docker image. I configure **oidc** with Google provider. Then:
   
   1. When I enter the dashboard link in the browser, it redirects me to `/apisix/admin/user/login` (it's not actually a redirect; it just replaces the URL path and renders the basic auth login page). If I enabled **oidc**, why does it redirect me to basic auth?
   2. When I manually enter `/apisix/admin/oidc/login`, the authorisation completes successfully and then leaves me on an empty `/apisix/admin/oidc/callback`, not redirecting to root, authorised (the **oidc** cookie is present and the response from the callback has a 200 status code - [link to codebase](https://github.com/apache/apisix-dashboard/blob/3e0929987f5d10789f81e5d08f09f7fbfdf2be15/api/internal/filter/oidc.go#L81)).
   3. Even when I then manually enter the apisix dashboard root link, the UI thinks that I'm unauthorised as there is no token in the browser's local storage - [link to codebase](https://github.com/apache/apisix-dashboard/blob/3e0929987f5d10789f81e5d08f09f7fbfdf2be15/web/src/app.tsx#L39C13-L39C13).
   
   The latest version of apisix dashboard image is 3.0.1 at the moment but it doesn't fix the mentioned problems.
   
   ### Expected behavior
   
   1. If oidc is enabled, redirect the unauthorised user to `/apisix/admin/oidc/login`.
   2. After successful **oidc** authorisation, redirect the user to the dashboard root.
   3. The REST API itself does not require a token to be in the browser's local storage. The **oidc** session via cookie is enough to authorise requests (I checked it by executing the API request `/apisix/admin/upstreams?page=1&page_size=10` after **oidc** authorisation and it worked).
   
   ### How to Reproduce
   
   1. Install apisix dashboard with oidc config and make it available via `$YOUR_DASHBOARD_HOST`.
   2. Go to apisix dashboard: `$YOUR_DASHBOARD_HOST/`. It redirects you to `$YOUR_DASHBOARD_HOST/apisix/admin/user/login`.
   3. Manually enter the following link: `$YOUR_DASHBOARD_HOST/apisix/admin/oidc/login`. Follow the Google auth instructions and be redirected to `$YOUR_DASHBOARD_HOST/apisix/admin/oidc/callback`.
   4. Go to apisix dashboard: `$YOUR_DASHBOARD_HOST/`. It redirects you to `$YOUR_DASHBOARD_HOST/apisix/admin/user/login` anyway even though you have just logged in with **oidc**.
   
   ### Screenshots
   
   _No response_
   
   ### Environment
   
   - apisix version (cmd: `apisix version`): 3.6.0-debian
   - OS (cmd: `uname -a`): Darwin XXX.local 23.1.0 Darwin Kernel Version 23.1.0: Mon Oct  9 21:27:27 PDT 2023; root:xnu-10002.41.9~6/RELEASE_X86_64 x86_64.
   - etcd version, if have (cmd: run `etcd --version`): 3.5.7-debian-11-r14
   - apisix-dashboard version, if have: 3.0.0-alpine.
   - Browser version, if have: Google Chrome, Version 119.0.6045.159 (Official Build) (x86_64)
   
   
   ### Additional context
   
   _No response_


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
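
The three expected behaviours listed in the issue, sketched as an added example (not code from the issue or from apisix-dashboard). `newRouter`, `probe` and the cookie value are hypothetical, and the handler only stands in for the dashboard's auth filter: it performs no real OIDC exchange, where a real callback would validate the state and code before issuing a session.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

const (
	basicLogin   = "/apisix/admin/user/login"
	oidcLogin    = "/apisix/admin/oidc/login"
	oidcCallback = "/apisix/admin/oidc/callback"
	cookieName   = "oidc" // session cookie name as mentioned in the report
)

// newRouter is a hypothetical stand-in for the dashboard's auth filter.
func newRouter(oidcEnabled bool) http.Handler {
	login := basicLogin
	if oidcEnabled {
		login = oidcLogin // expected behaviour 1
	}
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		_, err := r.Cookie(cookieName)
		switch {
		case r.URL.Path == basicLogin || r.URL.Path == oidcLogin:
			w.WriteHeader(http.StatusOK) // login pages need no session
		case r.URL.Path == oidcCallback:
			http.SetCookie(w, &http.Cookie{Name: cookieName, Value: "constructed", Path: "/", HttpOnly: true})
			http.Redirect(w, r, "/", http.StatusFound) // expected behaviour 2; fixed target, no open redirect
		case err != nil:
			http.Redirect(w, r, login, http.StatusFound) // no session: send to the configured login
		default:
			w.WriteHeader(http.StatusOK) // expected behaviour 3: the cookie alone authorises
		}
	})
}

// probe sends one GET and returns the status code and Location header.
func probe(h http.Handler, path string, withSession bool) (int, string) {
	req := httptest.NewRequest(http.MethodGet, path, nil)
	if withSession {
		req.AddCookie(&http.Cookie{Name: cookieName, Value: "constructed"})
	}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code, rec.Header().Get("Location")
}

func main() {
	fmt.Println(probe(newRouter(true), "/", false))
}
```
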
