I ran into this problem as well and found that there’s a new option needed:
After adding this, my dashboard was working again.
I was curious as to why the tutorial was doing both auth.proxy and auth.jwt. They seem redundant, and my guess is you’d only use the proxy header method if you were unable or uninterested in using JWT.
I changed my config to get rid of all auth.proxy config. As a result, it caused new user records to be created the next time they logged-in. Looking in the user_auth table, the new users have auth_module=jwt.
To avoid new user records being created, I found doing this data migration fixed it for me. The first query strips the namespace from the login and email e.g. accounts.google.com:email@example.com becomes firstname.lastname@example.org.
Then, get rid of the no-longer-used auth records.
-- strip the "accounts.google.com:" prefix
update "user" set
login = split_part(login, ':', 2),
email = split_part(login, ':', 2)
where login like 'accounts.google.com:%'
and email like 'accounts.google.com:%';
-- remove obsolete auth records.
-- new records will be created with `auth_module=jwt` and a different `auth_id`,
-- but will be matched up to existing `user` records.
delete from user_auth where auth_module = 'authproxy';
My theory is that prior to 9.1, the proxy method was tried before JWT, and now JWT is tried first and without auth_sign_up = true, it fails.