vouch / vouch-proxy

an SSO and OAuth / OIDC login solution for Nginx using the auth_request module
MIT License

Cognito: /auth Invalid session state: stored %!s(<nil>) on first login #507

Closed avishayil closed 1 year ago

avishayil commented 1 year ago

Describe the problem

I'm trying to utilize vouch proxy in order to secure Kubernetes Dashboard (blog post coming soon, btw). Vouch proxy returns response code 400 on first login using Cognito user pool OAuth provider. Deployed on EKS with helm chart; route53 domain points to ingress-nginx alb, then routes to vouch-proxy to perform auth. Cognito provides the JWT, then vouch-proxy instructs ingress-nginx to include the JWT in the Authorization header.

Expected behavior

Successfully redirect to the client application instead of returning code 400.

Desktop (please complete the following information):

Additional context

Logs: https://gist.github.com/avishayil/57997ff80fc10e993573ce96a037eaf4

Repository: https://github.com/avishayil/kubernetes-dashboard-vouch-cognito (full Cognito integration implementation)

When using testing: true, redirect works fine. After first login, the application works just fine. When JWT expires, error occurs again. Error does not reproduce after deleting the vouch cookie. Error reproduces after using the "sign out user" feature of Cognito: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminUserGlobalSignOut.html

Found similar issue on #430, but it is reproducible this time

bnfinet commented 1 year ago

@avishayil happy to help but I need more info. Please consult the README for what to provide when submitting an issue.

I'd be very excited to read a blog post about VP + Kubernetes Dashboard!

bnfinet commented 1 year ago

@avishayil I'm going to close this for now, feel free to post again to this thread if you'd still like me to take a look