argocd login --sso oauth2: cannot fetch token: 401 Unauthorized #12124
Description
Describe the bug
Attempting to use argocd CLI and authenticating with argocd login <server> --sso and Okta SSO, and receiving the following output and error in the CLI:
WARN[0005] Failed to invoke grpc call. Use flag --grpc-web in grpc calls. To avoid this warning message, use flag --grpc-web.
Opening browser for authentication
INFO[0007] RequestedClaims: map[groups:essential:true ]
Performing authorization_code flow login: https://{blahhost}&code_challenge_method={blahhash}&redirect_uri=http%3A%2F%2Flocalhost%3A8085%2Fauth%2Fcallback&response_type=code&scope=openid+profile+email+groups+offline_access&state={blah}
FATA[0027] oauth2: cannot fetch token: 401 Unauthorized
Response: {"error":"invalid_client","error_description":"Client authentication failed. Either the client or the client credentials are invalid."}
After Okta authentication, I get an accepted callback to the URL:http://localhost:8085/auth/callback?code={blah}&state={blah} which has the error:
oauth2: cannot fetch token: 401 Unauthorized
Response: {"error":"invalid_client","error_description":"Client authentication failed. Either the client or the client credentials are invalid."}
Authenticating directly into ArgoCD UI works fine, additionally able to authenticate using --auth-token flag.
Expected behavior
Run argocd login <server> --sso, authenticate via okta SSO login, success
Version
ArgoCD v2.5.3