
OIDC login flow can't complete with AWS Cognito #26596

Open
alkersan opened this issue Apr 23, 2024 · 0 comments

I've configured Vault with the OIDC auth method using AWS Cognito as the provider. The login fails at the very end of the flow, when the popup window tries to post the auth code message back to the parent window. I believe this is due to the same reason as described in #18648, i.e. when redirected to the Cognito login portal, it sets Cross-Origin-Opener-Policy: same-origin, which prevents posting messages across windows.

To Reproduce

  1. Configure the OIDC auth method using AWS Cognito as the provider. It's pretty generic: all required claims are included in the JWT, and it is supposed to work even with external group mapping.
  2. Try to log in with OIDC from the web UI.
  3. Get the error Cannot read properties of null (reading 'postMessage'), which can be traced back here.
     [Screenshot 2024-04-22 at 20 11 09]
  4. Screen recording is below.
     Screen.Recording.2024-04-22.at.17.07.39.mov

Environment:

  • Vault Server Version (retrieve with vault status): 1.16.1
  • Vault CLI Version (retrieve with vault version): 1.16.1 (6b5986790d7748100de77f7f127119c4a0f78946), built 2024-04-03T12:35:53Z
  • Server Operating System/Architecture: Debian 12 (bookworm), Linux 6.6.20

Additional context
Logging in from the CLI (vault login -method=oidc -path=cognito) works fine.

@alkersan alkersan changed the title OIDC flow can't complete with AWS Cognito OIDC login flow can't complete with AWS Cognito Apr 23, 2024
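The failure described in this issue is a popup callback page calling postMessage on a window.opener that the browser has already set to null, which is exactly what Cross-Origin-Opener-Policy: same-origin on the identity provider's page causes. The following is an added example, not Vault's own UI code, showing how a popup-based OIDC callback can detect the severed opener instead of throwing, and how the opener side should validate the origin of incoming messages before trusting the auth code. The function names, the https://vault.example origin and the fake window objects are all hypothetical, constructed so the example runs under Node without a browser.

```javascript
// Added example (not Vault's code): guarding the popup -> opener handoff of
// an OIDC auth code. Names and origins are hypothetical.

// Popup side: try to hand the auth result back to the window that opened us.
// Under COOP: same-origin on the IdP page, the browser severs the opener
// relationship, so window.opener is null by the time the callback runs.
// Report that condition instead of throwing "Cannot read properties of null".
function deliverAuthResult(popupWindow, expectedOrigin, result) {
  const opener = popupWindow.opener;
  if (opener === null || opener === undefined) {
    return { delivered: false, reason: 'opener-severed' };
  }
  // Always scope postMessage to the expected origin. A '*' target would let
  // any page that opened the popup receive the auth code.
  opener.postMessage({ source: 'oidc-callback', ...result }, expectedOrigin);
  return { delivered: true, reason: null };
}

// Opener side: accept the auth code only from the trusted callback origin
// and only when the message is shaped like our own callback message.
function makeAuthMessageHandler(trustedOrigin, onCode) {
  return function handleMessage(event) {
    if (event.origin !== trustedOrigin) return false;
    if (!event.data || event.data.source !== 'oidc-callback') return false;
    onCode(event.data.code, event.data.state);
    return true;
  };
}

// Constructed stand-in for a browser window so this runs under Node.
// Records every postMessage call so the test can inspect it.
function makeFakeWindow(opener) {
  const received = [];
  return {
    opener,
    received,
    postMessage(data, targetOrigin) {
      received.push({ data, targetOrigin });
    },
  };
}

// Walk both the healthy case and the COOP-severed case from the issue.
function demo() {
  const origin = 'https://vault.example'; // hypothetical Vault UI origin
  const parent = makeFakeWindow(null);
  const okPopup = makeFakeWindow(parent);      // opener intact
  const severedPopup = makeFakeWindow(null);   // what COOP: same-origin leaves behind
  const payload = { code: 'constructed-code', state: 'constructed-state' };

  const healthy = deliverAuthResult(okPopup, origin, payload);
  const severed = deliverAuthResult(severedPopup, origin, payload);

  const codes = [];
  const handler = makeAuthMessageHandler(origin, (code) => codes.push(code));
  const fromTrusted = handler({ origin, data: parent.received[0].data });
  const fromOther = handler({ origin: 'https://other.example', data: parent.received[0].data });

  return { healthy, severed, fromTrusted, fromOther, codes, parentReceived: parent.received };
}

module.exports = { deliverAuthResult, makeAuthMessageHandler, makeFakeWindow, demo };
```

The severed case is the one this issue hits: a callback page that checks for a null opener can at least surface a clear error (or fall back to a full-page redirect flow) rather than failing with an uncaught TypeError, while the origin check on the opener side is what keeps the auth code from being accepted from an unexpected window.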