$auth_resp_x_vouch_user is not set #587

Open
freva opened this issue Dec 31, 2024 · 2 comments

freva commented Dec 31, 2024

Describe the problem
I'm using Google IdP, the login seems to work: I am redirected to Google, I select my email, I get redirected back to my site and the private content is being served. The issue I'm having is that I want to limit showing the content to only certain emails, not anyone who logged in with Google. To do that I'm trying to write an expression in nginx on X-Vouch-User/$auth_resp_x_vouch_user: https://gist.github.com/freva/fe6c8058070e7ed477a9f2b52b1ee492

It seems like $auth_resp_x_vouch_user is not set, so the "default" behavior in the map is always invoked.

Additional context
nginx version: 1.27.3

When I curl the vouch proxy, it does return X-Vouch-User:

```
$ curl http://192.168.0.24:9090/validate -H 'cookie: auth=xxx' -v
*   Trying 192.168.0.24:9090...
* TCP_NODELAY set
* Connected to 192.168.0.24 (192.168.0.24) port 9090 (#0)
> GET /validate HTTP/1.1
> Host: 192.168.0.24:9090
> User-Agent: curl/7.68.0
> Accept: */*
> cookie: auth=xxx
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< X-Vouch-Success: true
< X-Vouch-User: [email protected]
< Date: Tue, 31 Dec 2024 22:22:46 GMT
< Content-Length: 7
< Content-Type: text/plain; charset=utf-8
< 
200 OK
* Connection #0 to host 192.168.0.24 left intact
```

If I log in as another user, it doesn't work. I've tried debugging this quite a bit, including the X-Meta header in the gist, which returns x-meta: | | OK

Member

bnfinet commented Jan 1, 2025

You could use 'vouch.whitelist'...

```
# whiteList (optional) allows only the listed usernames - VOUCH_WHITELIST
```

Happy New Year. I won't be looking at VP till next week but can offer better advice then

Author

freva commented Jan 1, 2025

Happy new year! Thanks for the tip, unfortunately that won't quite work for me since I'd like to allow a different set of users for different sites, but using a single VP instance.
