
[BUG] Looping OIDC sign-ins (too many redirects) in case of any errors during initial sign-in #990

Open
jankosecki opened this issue May 16, 2022 · 1 comment
Labels
bug Something isn't working help wanted Extra attention is needed, need help from community triaged

Comments

@jankosecki

What is the bug?
Any exception during OIDC sign-in causes redirect to login:

    } catch (error) {
      context.security_plugin.logger.error(`OpenId authentication failed: ${error}`);
      // redirect to login
      return this.redirectToLogin(request, response);
    }

which is a secured view, causing another sign-in request and so on, resulting in a loop and finally a "too many redirects" error.

How can one reproduce the bug?
Steps to reproduce the behavior:

  1. Set up an OpenID login in backend and the dashboard
  2. In the backend configuration set subject_key to some value that is not provided by id_token from your OIDC provider
  3. Try to sign in via the dashboard

What is the expected behavior?
Ideally a more user-friendly error in the console, not just `OpenId authentication failed: AuthorizationError`, and a redirect to a failed sign-in view that doesn't require a signed session.

What is your host/environment?

  • Version 1.3.2
  • Plugins - default installation of OpenSearch using Helm charts

Do you have any additional context?
Handling the exception by redirecting to login happens in security-dashboards-plugin/server/auth/types/openid/routes.ts. The scope of the try-catch there is quite broad, so any exception that happens there will result in an infinite loop like that.
In my case id_token didn't contain the email field, which the backend security plugin required, and hence

    const user = await this.securityClient.authenticateWithHeader(
      request,
      this.openIdAuthConfig.authHeaderName as string,
      `Bearer ${tokenResponse.idToken}`
    );

was throwing AuthorizationException.
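The loop described in this issue, and one way to break it, as an added example that is not code from security-dashboards-plugin or from the issue author. It models the three routes involved (the secured login view, the OpenID login route and the callback) in a small redirect simulator, puts the issue's catch-all redirect beside a version that sends backend authorization failures to a page that needs no session and caps retries for other errors. The route names, the `oidc_attempts` cookie, `MAX_ATTEMPTS` and the simulated backend are assumptions made for illustration.

```typescript
// Added example, not the plugin's code. Route names, the cookie name and the
// simulated backend are assumptions made for illustration.

// Stand-in for the AuthorizationException the backend security plugin throws when
// the id_token lacks the claim configured as subject_key.
class AuthorizationError extends Error {}

interface Req { path: string; cookies: Record<string, string>; }
interface Resp { status: number; location?: string; setCookie?: Record<string, string>; }

// Simulated backend: resolves the user from id_token claims via subject_key.
function authenticateWithHeader(claims: Record<string, string>, subjectKey: string): string {
  const subject = claims[subjectKey];
  if (subject === undefined) {
    throw new AuthorizationError(`claim "${subjectKey}" not present in id_token`);
  }
  return subject;
}

// Callback with the shape quoted in the issue: any error -> redirect to the login view,
// which is itself secured and therefore starts the sign-in over again.
function callbackBuggy(_req: Req, claims: Record<string, string>, subjectKey: string): Resp {
  try {
    authenticateWithHeader(claims, subjectKey);
    return { status: 302, location: '/app/home' };
  } catch (error) {
    return { status: 302, location: '/app/login' };
  }
}

const MAX_ATTEMPTS = 3; // assumption: cap on consecutive sign-in attempts

// Callback that distinguishes failure modes and bounds retries.
function callbackFixed(req: Req, claims: Record<string, string>, subjectKey: string): Resp {
  try {
    authenticateWithHeader(claims, subjectKey);
    return { status: 302, location: '/app/home', setCookie: { oidc_attempts: '0' } };
  } catch (error) {
    // A deterministic mapping failure repeats on every retry: send the user to a page
    // that does not require a session, carry the reason, and stop.
    if (error instanceof AuthorizationError) {
      return { status: 302,
               location: `/app/login_error?reason=${encodeURIComponent(error.message)}` };
    }
    // Unknown or transient error: allow a bounded number of retries via a counter cookie.
    const attempts = Number(req.cookies['oidc_attempts'] ?? '0') + 1;
    if (attempts > MAX_ATTEMPTS) {
      return { status: 302, location: '/app/login_error?reason=too_many_attempts' };
    }
    return { status: 302, location: '/app/login', setCookie: { oidc_attempts: String(attempts) } };
  }
}

type Handler = (req: Req, claims: Record<string, string>, subjectKey: string) => Resp;

// Minimal browser plus routing simulation. The IdP round-trip is collapsed into one hop:
// /app/login (secured, no session) -> /auth/openid/login -> /auth/openid/callback.
function simulateSignIn(handler: Handler, claims: Record<string, string>, subjectKey: string,
                        maxRedirects = 20): { hops: number; finalPath: string; tooManyRedirects: boolean } {
  const cookies: Record<string, string> = {};
  let path = '/app/login';
  for (let hops = 0; hops < maxRedirects; hops++) {
    let resp: Resp;
    if (path === '/app/login') resp = { status: 302, location: '/auth/openid/login' };
    else if (path === '/auth/openid/login') resp = { status: 302, location: '/auth/openid/callback' };
    else if (path === '/auth/openid/callback') resp = handler({ path, cookies }, claims, subjectKey);
    else resp = { status: 200 }; // /app/home and /app/login_error render without a session
    Object.assign(cookies, resp.setCookie ?? {});
    if (resp.status !== 302 || resp.location === undefined) {
      return { hops, finalPath: path, tooManyRedirects: false };
    }
    path = resp.location;
  }
  return { hops: maxRedirects, finalPath: path, tooManyRedirects: true };
}

// Constructed id_token claims: the provider issues "sub" but no "email".
const claimsWithoutEmail: Record<string, string> = { sub: 'alice' };
```

Running `simulateSignIn(callbackBuggy, claimsWithoutEmail, 'email')` never leaves the login/callback cycle and hits the redirect cap, which is what the browser reports as "too many redirects"; `simulateSignIn(callbackFixed, claimsWithoutEmail, 'email')` ends on `/app/login_error` after the first callback, and with `subject_key` set to `sub` both handlers land on `/app/home`.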

@jankosecki jankosecki added bug Something isn't working untriaged labels May 16, 2022
@DarshitChanpura (Member)

[Triage] Thanks for filing this issue. We'd love to review a pull request.

@DarshitChanpura DarshitChanpura added help wanted Extra attention is needed, need help from community and removed untriaged labels May 20, 2022