Ui Beta, keeps redirecting to login page

Hi,
I am trying to activate SSO in temporal.
When I change the development.yaml for this purpose and deploy to my cloud, it is authenticated by our Federation service but the temporal page keeps redirecting on ‘/login’ page only.

In UI file ‘\src\routes__layout-root.svelte’ this code runs

if (!isAuthorized(settings, user)) {
      return {
        status: 302,
        redirect: '/login',
      };

The user is empty hence this function keeps running.

Do we have to make some changes in the code for authentication to work properly in our environment?
Could you also point out what frameworks are being used for authentication and how can we set things like state, session, session expiry, etc.

If I remember correctly, the UI requires that the JSON web token that is returned from your auth servers contains an “email” claim, at a minimum. We had similar problems, because our system didn’t include this claim.

I have checked and our auth servers do return the “email”.
Could anyone please point any changes that are needed in the code?
Also if you could point out if any specific framework is being used for authentication, it will be helpful.

Tagging @Ruslan

Do you see any auth related errors in the UI process logs?

If there are some changes to the code that we want to make, i would start looking from here as the entry point ui-server/auth.go at 9bdabc4c2b5f535b443806a6d602e0948c1dabe6 · temporalio/ui-server · GitHub

We use GitHub - coreos/go-oidc: A Go OpenID Connect client. as the underlying framework

authenticateCb is the most interesting part. This is where it tries to retrieve user data + access token and persist these for later usage. If something fails it’s most likely this method

Additionally could you also check the Network Tab in your browser’s dev tools and see if there is anything useful regarding the failed network calls