JWT login not working in UI

[lucadepaoli]

Describe the bug
JWT login is not working in the web UI, login from CLI/API works correctly.
Trying to login via the web UI using a JWT token fails with the error "Authentication failed: permission denied", but the /auth/jwt/login endpoint is never called.

To Reproduce
Steps to reproduce the behavior:

1. Run vault auth enable jwt
2. Run vault write auth/jwt/config oidc_discovery_url="https://login.example.com/" default_role="guest"
3. Open the web UI and try to login with a JWT token

Expected behavior
Login works correctly (given the guest roles exists), "Authentication failed: role "guest" could not be found" error otherwise.

Environment:

• Vault Server Version: 1.10.1 (latest Vault version from https://releases.hashicorp.com/vault/)
• Vault CLI Version: 1.10.1
• Server Operating System/Architecture: Fedora 35

Vault server configuration file(s):

storage "raft" {
  path    = "/some/storage/path"
  node_id = "node1"
}

listener "tcp" {
  address     = "127.0.0.1:8200"
  tls_disable = "true"
}

api_addr = "http://127.0.0.1:8200"
cluster_addr = "https://127.0.0.1:8201"
ui = true
disable_mlock = true

Additional context
This bug is present in version 1.8.10, 1.9.5, 1.10.0 and 1.10.1. I haven't found other Vault version affected.
I think this bug might be related to PR #14545: in ui/app/components/auth-form.js, at line 248, changing back to let backend = this.selectedAuthBackend || {}; the login works correctly, but I don't know if there are any other impacts.

[austingebauer]

@lucadepaoli - Thanks for opening this issue. I'm not certain if it will work, but there was a UI workaround for the related OIDC login issue. I'd suggest to give that workaround a try with JWT auth until we can get this fixed.

cc: @zofskeez