The OAuth protocol requires the client to give permission to a specific application. JPD will redirect the user to the configured application URL and one permission is granted user will be navigated back.
The limitation on this process when working in High Availability setup is that the user must return to the same node, otherwise the authentication process will fail, in order to achieve this a sticky session configuration should include the /artifactory/api/oauth2/.
The example below shows NGINX configuration.
NGINX Reverse Proxy Configuration
location ~ (/artifactory/webapp/|/artifactory/ui/|/artifactory/api/oauth2/) {
proxy_http_version 1.1;
proxy_pass http://<UPSTREAM_NAME>;
proxy_intercept_errors on;
proxy_pass_header Server;
proxy_connect_timeout 75s;
proxy_send_timeout 2400s;
proxy_read_timeout 2400s;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-JFrog-Override-Base-Url $http_x_forwarded_proto://$host;
}