Ability to set callback/redirect URL on sso login flow from CLI #22738
Description
Summary
We would like to have the option of setting a non-localhost redirect URL to the argocd login --sso flow to support use of cloud-based IDEs for developers that need to manage their Argo apps.
Motivation
We are using Eclipse Che to provide cloud-based IDE environments to developers on top of k8s. We'd like to be able to provide the option of using the argocd cli in those environments to manage apps. The challenge we face is that the IDE runs in the browser, and is backed by a remote container in the cluster. This means that browser calls to localhost or 127.0.0.1 won't work. Instead, Che works by exposing the IDE pod via dynamically generated routes or ingresses. So, for an SSO workflow, we'd need to be able to set the callback URL in order for the redirect from the Argo server to work properly.
Without this, ability, we get a browser error because it can't reach the port that the cli spun up, and the login flow cannot complete.
I've verified that the rest of the flow will work by manually overriding localhost:8085/auth/callback?code=<auth code> in the browser bar with etsauer-code-redirect-3.che.apps.my-k8s.home/auth/callback?code=<auth code>, and then the flow completes successfully. Just missing the ability to set that URL.
Proposal
Currently, the RedirectURL is hard-coded to localhost, here: https://github.com/argoproj/argo-cd/blob/master/cmd/argocd/commands/login.go#L218. What I'd like to see is to add a --redirect flag, so the login command from a cloud-IDE could look like:
argocd login tenant-gitops.my-k8s.home --sso --callback etsauer-code-redirect-3.che.apps.my-k8s.home