
OAuth fails intermittently with AWS Cognito

Open · randomusergit12 opened this issue 3 weeks ago · 1 comment

Describe the bug: OAuth authorise fails intermittently.

To Reproduce: Steps to reproduce the behavior:

  1. Configure Chainlit with AWS Cognito OAuth authentication
  2. Navigate to the Chainlit application login page
  3. Click on "Continue with Cognito"
  4. Click on identity provider
  5. Sometimes the redirect fails with 400 not found
  6. Check the failing authorization URL and observe state parameter contains patterns like %Xk, %pk, %Y6 where the letter after % is not a valid hex digit

Additional context: I am guessing this might be because of the random string generation for the cookie state. So maybe it contains some characters that are rejected by Cognito.

State values that worked

state=QMHEROhWoiLY*970rrvX/9jmQjJAPv_f  
state=pG~m=m?fXq6w0eWvu?_/luj2BCjVpKQ=  

State values that failed

state=il,Ik%3E^Bxt1G4KK,p9%Xk706p9wL3fce
state=5b>zc^iyq:jp-6?1ie3EgO0z43%pkU9O
state=%3EM@peyQ_ik%Y6_TCqvKgui4U^opgf_MA
state=CFx-K@du67e$wX^/z73G3J%3E1SX$a1z-R

Maybe it's due to the ^ character or something.

https://docs.aws.amazon.com/cognito/latest/developerguide/authorization-endpoint.html

You can't set the value of a state parameter to a URL-encoded JSON string. To pass a string that matches this format in a state parameter, encode the string to base64, then decode it in your app.

randomusergit12, Oct 31 '25 10:10
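As an added illustration of the reporter's hypothesis (this is example code, not Chainlit's own state generation): every failing value above contains either a "%" that is not followed by two hex digits, or characters outside the URL "unreserved" set, so anything that percent-decodes the query string can reject it. The helpers below flag such values, show that percent-encoding the state before placing it in the URL removes the malformed escapes, and generate a state from the OS CSPRNG in base64url form, which is the encoding the Cognito documentation quoted above recommends.

```python
import re
import secrets
from urllib.parse import quote

# RFC 3986 "unreserved" characters never need escaping in a query string.
UNRESERVED = re.compile(r"^[A-Za-z0-9\-._~]*$")
# A "%" that is NOT followed by exactly two hex digits is a malformed escape.
BAD_ESCAPE = re.compile(r"%(?![0-9A-Fa-f]{2})")

# State values constructed from the issue report above (sample input).
REPORTED_STATES = [
    "il,Ik%3E^Bxt1G4KK,p9%Xk706p9wL3fce",
    "5b>zc^iyq:jp-6?1ie3EgO0z43%pkU9O",
    "%3EM@peyQ_ik%Y6_TCqvKgui4U^opgf_MA",
    "CFx-K@du67e$wX^/z73G3J%3E1SX$a1z-R",
]


def malformed_escapes(state: str) -> list[str]:
    """Return every '%' sequence in `state` that is not a valid %XX escape."""
    return [state[m.start():m.start() + 3] for m in BAD_ESCAPE.finditer(state)]


def is_url_safe_state(state: str) -> bool:
    """True when the state can be placed in a query string without encoding."""
    return bool(UNRESERVED.match(state))


def encode_for_query(state: str) -> str:
    """Percent-encode an arbitrary state so that every '%' is a valid escape.

    This is the minimal fix if the raw state cannot be changed: the literal
    '%' in '%Xk' becomes '%25Xk', which any decoder accepts.
    """
    return quote(state, safe="")


def generate_state(nbytes: int = 24) -> str:
    """Generate a CSRF state token from the OS CSPRNG.

    token_urlsafe() returns base64url without padding, so the result contains
    only unreserved characters and never needs percent-encoding.
    """
    return secrets.token_urlsafe(nbytes)


def audit(states: list[str]) -> dict[str, list[str]]:
    """Map each reported state to the malformed escapes found in it."""
    return {s: malformed_escapes(s) for s in states}
```

Three of the four reported failures carry a malformed escape; the fourth has none but still uses reserved characters, so only the generated or percent-encoded forms pass `is_url_safe_state`.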