Backport of OIDC Alternate Path Bug into release/1.11.x

[hc-github-team-secure-vault-core]

Backport

This PR is auto-generated from #17661 to be assessed for backporting due to the inclusion of the label backport/1.11.x.

WARNING automatic cherry-pick of commits failed. Commits will require human attention.

merge conflict error: POST https://api.github.com/repos/hashicorp/vault/merges: 409 Merge conflict []

The below text is copied from the body of the original PR.

---

This PR addresses issues with error handling within the OIDC login workflow and fixes a bug with the inputted role not being retained when attempting to login at an alternate mount path. This was brought up in issue #14671 where it was also pointed out that logging in with the jwt auth method using the mount tabs was returning an error which has also been fixed.

Alternate mount path issue as observed in 1.12.0:

After clicking the sign in button numerous times it appears that nothing happens, when in reality the role is not passed in the request for the auth_url and the check for that returns out of the function without any communication to the user.

After updates:

The foo role doesn't exist for the foo-oidc path and now an error is displayed. Next, the bar role does not have a redirect_uri for the path foo-oidc. Once the auth_url is available we can now login as expected.

---

Overview of commits

• aa94835

[hashicorp-cla]

Thank you for your submission! We require that all contributors sign our Contributor License Agreement ("CLA") before we can accept the contribution. Read and sign the agreement

Learn more about why HashiCorp requires a CLA and what the CLA includes

---

temp seems not to be a GitHub user.
You need a GitHub account to be able to sign the CLA. If you already have a GitHub account, please add the email address used for this commit to your account.

_{Have you signed the CLA already but the status is still pending? Recheck it.}