Can't 'argocd login' with KeyCloak #10029
Description
We are using KeyCloak and I can login via web just fine.
But running argocd login --insecure ${argocd_host} -sso from console produces this log:
WARN[0000] Failed to invoke grpc call. Use flag --grpc-web in grpc calls. To avoid this warning message, use flag --grpc.web.
Opening browser for authentication
Performing authorization_code flow login: https://${our_sso_host}/auth/realms/${realm_for_argo}/protocol/openid-connect/auth?access_type=offline&client_id=argocd&code_challenge=${some_hash}&code_challenge_method=S256&redirect_uri=http%3A%2F%2Flocalhost%3A8085%2Fauth%2fcallback&response_type=code&scope=openid+profile+email+groups+offline_access&state=${some_short_hash}
FATA[0002] oauth2: cannot fetch token: 401 Unauthorized
The browser opens KeyCloak page prompting login + password, I enter them once and then get redirected to http://localhost:8085/auth/callback?state=${some_short_hash}&session_state=${some_uid}&code=${two_uids_concatenated_with_dot}
which says:
oauth2: cannot fetch token: 401 Unauthorized
Response: {"error":"unauthorized_client","error_description":"Client secret not provided in request"}