fix(frontend): include basePath in AUTH_OIDC_BASE_URL#681
Merged
RyanHolstien merged 2 commits intoacryldata:masterfrom Mar 23, 2026
Merged
fix(frontend): include basePath in AUTH_OIDC_BASE_URL#681RyanHolstien merged 2 commits intoacryldata:masterfrom
RyanHolstien merged 2 commits intoacryldata:masterfrom
Conversation
When global.basePath.enabled is true, AUTH_OIDC_BASE_URL now appends the frontend base path to the ingress host. This fixes OIDC authentication failures where the redirect_uri sent to the identity provider was missing the base path (e.g. /datahub), causing an "Invalid parameter: redirect_uri" error. Also adds an oidcBaseUrl override in the oidcAuthentication values block for cases where the automatically constructed URL is not suitable. Closes acryldata#680
bump chart version
RyanHolstien
approved these changes
Mar 23, 2026
Contributor
|
Thanks for the contribution! 😄 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
global.basePath.enabledistrue,AUTH_OIDC_BASE_URLnow includes the frontend base path (e.g.https://example.com/datahubinstead ofhttps://example.com)oidcAuthentication.oidcBaseUrloverride for cases where the auto-constructed URL is not suitableProblem
AUTH_OIDC_BASE_URLwas hardcoded tohttps://<ingress-host>, ignoringglobal.basePath.frontend. When deploying DataHub behind a base path (e.g./datahub), the OIDCredirect_urisent to the identity provider was missing the base path, causing authentication to fail with "Invalid parameter: redirect_uri".Changes
charts/datahub/subcharts/datahub-frontend/templates/deployment.yamlAUTH_OIDC_BASE_URLnow uses a 3-way conditional:oidcAuthentication.oidcBaseUrlis set → use it verbatimglobal.basePath.enabled→ appendglobal.basePath.frontendto the ingress hostcharts/datahub/subcharts/datahub-frontend/values.yamlAdded a commented
oidcBaseUrloption in theoidcAuthenticationblock.Test plan
helm templatewithbasePath.enabled=trueandbasePath.frontend=/datahub→AUTH_OIDC_BASE_URLishttps://example.com/datahubhelm templatewithout basePath →AUTH_OIDC_BASE_URLishttps://example.com(no regression) - [ ]helm templatewith explicitoidcBaseUrl→ value is used as-isCloses #680
Checklist
Note
Medium Risk
Changes how the frontend computes
AUTH_OIDC_BASE_URL, which can affect OIDC redirect URIs and login behavior if misconfigured. Scope is limited to Helm templating/values and should be low impact for deployments not using OIDC orglobal.basePath.Overview
Fixes OIDC deployments behind a base path by updating the frontend chart to include
global.basePath.frontendwhen constructingAUTH_OIDC_BASE_URL.Adds an
oidcAuthentication.oidcBaseUrlvalues override to allow explicitly setting the redirect base URL, and bumps the parent Helm chart version to0.8.23.Written by Cursor Bugbot for commit 94734fb. This will update automatically on new commits. Configure here.