vouch / vouch-proxy

an SSO and OAuth / OIDC login solution for Nginx using the auth_request module

help to get vouch-proxy working with Okta

airpaio opened this issue · comments

I'm looking for help to get vouch-proxy working with Okta on a simple web app. The app is a python Dash (flask) application, and I am running the dash app, nginx, and vouch with docker-compose on an AWS EC2 right now. I'm not running the app with SSL right now, just trying to get it working first with vouch.

When navigating to the app from Okta, I only ever get a Vouch Proxy 400 Bad Request page. In the Vouch logs I see "no jwt found in request" and "requested destination URL has a dangerous query string looks bad" warnings.

I would appreciate another set of eyes on my configuration. I have included links to gists below.

I somewhat suspect that maybe my Okta app configuration is wrong, but I have other apps (not vouch) running with similar Okta configurations.

Okta OIDC Web Application:
Sign-in redirect URIs: http://xxxxxxxxxx/vp/auth
Sign-out redirect URIs: http://xxxxxxxxxx/logout
Initiate login URI: http://xxxxxxxxxx

Vouch Logs - https://gist.github.com/airpaio/d0d0fee70296178085049bcab3cdfca2
Vouch Config - https://gist.github.com/airpaio/bf108c32ec063b00231d1a3284d33f8e
Nginx Config - https://gist.github.com/airpaio/af85afdbe164a5dcb00ae4881cf66c6f

I finally figured out my problem. Turns out it was an overlooked Okta setting. Here's what I did in case anyone else comes across this issue.

I came across the log message

{"level":"warn","ts":1669830268.1314,"msg":"/auth Error from IdP: access_denied - Policy evaluation failed for this request, please check the policy configurations."}

In Okta I had to go to Security -> API -> default Authorization server -> Access Policies, and add my Okta app to the "Assigned to clients" list.
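As an added example (not from this thread or the vouch-proxy project), a small Python triage script that pulls the IdP error code and description out of vouch's JSON log lines, so an "access_denied" from the authorization server is surfaced instead of being buried among the generic "no jwt found" warnings. It assumes other IdP errors follow the same "/auth Error from IdP: <code> - <description>" shape as the line quoted above; all sample lines except that one are constructed.

```python
import json
import re
from datetime import datetime, timezone

# Constructed sample of vouch-proxy JSON log lines (level, ts, msg).
# Only the access_denied line mirrors the one quoted in the thread; the
# others are made up to show how unrelated and non-JSON lines are handled.
SAMPLE_LOG = """\
{"level":"info","ts":1669830260.5,"msg":"/validate"}
{"level":"warn","ts":1669830261.2,"msg":"no jwt found in request"}
nginx: 2022/11/30 17:44:21 [error] auth_request unexpected status: 401
{"level":"warn","ts":1669830268.1314,"msg":"/auth Error from IdP: access_denied - Policy evaluation failed for this request, please check the policy configurations."}
"""

# Assumed shape of the callback-path error message, derived from the quoted line.
IDP_ERROR_RE = re.compile(r"^/auth Error from IdP: (?P<code>[a-z_]+) - (?P<desc>.*)$")


def parse_vouch_log(text):
    """Parse JSON log lines, skipping anything that is not a vouch record
    (for example interleaved nginx output in a docker-compose log)."""
    events = []
    for line in text.splitlines():
        try:
            rec = json.loads(line)
        except ValueError:
            continue
        if isinstance(rec, dict) and "msg" in rec:
            events.append(rec)
    return events


def idp_errors(events):
    """Return (utc_timestamp, code, description) for each OAuth error the
    IdP sent back on the /auth callback."""
    found = []
    for rec in events:
        m = IDP_ERROR_RE.match(rec.get("msg", ""))
        if m:
            when = datetime.fromtimestamp(rec["ts"], tz=timezone.utc).isoformat()
            found.append((when, m.group("code"), m.group("desc")))
    return found


if __name__ == "__main__":
    for when, code, desc in idp_errors(parse_vouch_log(SAMPLE_LOG)):
        print(f"{when} {code}: {desc}")
```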