aws-samples/cloudfront-authorization-at-edge

nonce cookies are not expired

Closed this issue · 1 comments

After the user has finished signing on and the auth code flows back to the application and has been exchanged for the tokens, the parse-auth Lambda@Edge wants to clear the nonce cookies with these lines:

```js
[
  "spa-auth-edge-nonce",
  "spa-auth-edge-nonce-hmac",
  "spa-auth-edge-pkce",
].forEach((key) => {
  cookies[key] = expireCookie();
});
```

The generated HTTP response header looks like this:

set-cookie: spa-auth-edge-nonce=; Expires=Thu, 01 Jan 1970 00:00:00 GMT

Chrome (and potentially other browsers) does not recognize this as an indicator to expire/purge the cookie because the response header is missing other cookie properties.

According to https://datatracker.ietf.org/doc/html/rfc6265#section-4.1.2, the Path property may need to be present and match the Path property as originally sent when the cookie was created. Not sure if other cookie properties are also relevant to the matching process.
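The path-matching rule the issue points to, shown as an added example that is not the project's code: a toy RFC 6265 cookie jar keyed by (name, path), the path-less expiry header from the issue applied to it, and an expiry helper that repeats the original Path. The Path=/parseauth value for the nonce cookie is an assumption for illustration.

```javascript
// Toy model of RFC 6265 cookie storage for one host: an entry is identified by
// (name, path), so a Set-Cookie only replaces or evicts it when the path matches.

// RFC 6265 section 5.1.4: the default path when no Path attribute is sent.
function defaultPath(requestPath) {
  const i = requestPath.lastIndexOf("/");
  return !requestPath.startsWith("/") || i === 0 ? "/" : requestPath.slice(0, i);
}

function parseSetCookie(header, requestPath) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1),
                   path: defaultPath(requestPath), expired: false };
  for (const attr of attrs) {
    const j = attr.indexOf("=");
    const key = (j < 0 ? attr : attr.slice(0, j)).toLowerCase();
    const val = j < 0 ? "" : attr.slice(j + 1);
    if (key === "path" && val.startsWith("/")) cookie.path = val;
    else if (key === "max-age" && Number(val) <= 0) cookie.expired = true;
    else if (key === "expires" && Date.parse(val) <= Date.now()) cookie.expired = true;
  }
  return cookie;
}

// Store or evict according to the (name, path) identity.
function applySetCookie(jar, header, requestPath) {
  const c = parseSetCookie(header, requestPath);
  const key = `${c.name}|${c.path}`;
  if (c.expired) jar.delete(key); else jar.set(key, c.value);
  return jar;
}

// Expiry header that repeats the Path the cookie was created with, so the
// browser matches the existing entry instead of creating a second one.
function expireCookieWithPath(name, path) {
  return `${name}=; Expires=Thu, 01 Jan 1970 00:00:00 GMT; Max-Age=0; Path=${path}`;
}

function demo() {
  const jar = new Map();
  // Assumed: the nonce cookie was set with an explicit Path=/parseauth.
  applySetCookie(jar, "spa-auth-edge-nonce=abc123; Path=/parseauth; Secure; HttpOnly", "/parseauth");
  // The header from the issue: no Path, so default path "/" is used and nothing is evicted.
  applySetCookie(jar, "spa-auth-edge-nonce=; Expires=Thu, 01 Jan 1970 00:00:00 GMT", "/parseauth");
  const survivedWithoutPath = jar.has("spa-auth-edge-nonce|/parseauth");
  applySetCookie(jar, expireCookieWithPath("spa-auth-edge-nonce", "/parseauth"), "/parseauth");
  const purgedWithPath = !jar.has("spa-auth-edge-nonce|/parseauth");
  return { survivedWithoutPath, purgedWithPath };
}
```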

Fixed in #207