Summary
The user is setting up the Flyte core chart with Keycloak and an internal authorization server, intending to switch the authorization server later. They are facing UI authentication issues, specifically with the Flyteadmin pod, which is experiencing token retrieval errors due to a missing cookie. Accessing the web UI results in an "Authorization Required" message, and clicking the sign-in button leads to a 403 error with a missing parameter in the callback URL. Logs show repeated token retrieval failures and an "invalid_grant" error during the OAuth2 code exchange. The user has shared parts of their values file, detailing configurations for OAuth client credentials, server security settings, and authorized URIs. They discovered that disabling PKCE resolves the issues but prefer to keep it enabled and are seeking configuration options to support it, noting that something seems to be missing from the client side.