Parameter cm.url required for Dex callback when using ingress path

[manning-ncsa]

Describe the bug

When using a non-empty base path like /argo-cd for the ingress, for example so that ArgoCD is available at https://example.com/argo-cd, the automatic Dex auth callback URL does not include the path and so OIDC authentication fails. This is solved by explicitly specifying https://example.com/argo-cd as the value of configs.cm.url in the chart values; however, configs.cm.url is nether mentioned in the default values.yaml file nor mentioned in the Readme.

Related helm chart

argo-cd

Helm chart version

7.3.11

To Reproduce

Deploy an instance of ArgoCD with a target ingress https://example.com/argo-cd and default values overrides as follows:

global:
  domain: example.com
configs:
  params:
    server.insecure: true
    server.basehref: /argo-cd
    server.rootpath: /argo-cd
  cm:
    #url: https://example.com/argo-cd
    dex.config: |
      connectors:
      - id: gitlab-project
        type: gitlab
        name: Project on GitLab
        config:
          groups:
          - "project"
          clientID: $dex.gitlab.project.clientId
          clientSecret: $dex.gitlab.project.clientSecret

In this example, GitLab is used as the OIDC identity provider and the configs.cm.url value has been omitted.
Attempts to authenticate via OIDC will yield 404 errors due to redirects to https://example.com/api/dex/callback instead of https://example.com/argo-cd/api/dex/callback. Uncommenting the configs.cm.url value above allows the auth flow to complete successfully.

Expected behavior

I expected to be able to use OIDC authentication by overriding the relevant parameters of the default values.yaml file.

Screenshots

No response

Additional context

No response