phpMyAdmin OIDC Authentication with OAuth2-Proxy causing redirect loop between login and SignonURL page

I’m currently running phpMyAdmin and OAuth2-Proxy in my Kubernetes cluster. OIDC authentication is working just fine: I’ve verified that PMA_USERNAME is being set properly, and I’m being authenticated by my IdP. However, I’m getting a “too many redirects” error; it seems like I’m stuck in a loop between /database/ and my /database/scripts/signon.php. As you can see below, I’ve tried everything, so please excuse any unnecessary additions. Thanks in advance!

phpmyadmin-deployment.yaml

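# phpMyAdmin Deployment intended to sit behind ingress-nginx + OAuth2-Proxy.
# The postStart hook patches the login template and writes a signon config
# file and a signon script into the running container.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: phpmyadmin
  labels:
    app: phpmyadmin
spec:
  replicas: 1
  selector:
    matchLabels:
      app: phpmyadmin
  template:
    metadata:
      labels:
        app: phpmyadmin
    spec:
      containers:
        - name: phpmyadmin
          # Pinned tag (instead of :latest) keeps rollouts reproducible.
          # image: phpmyadmin/phpmyadmin:latest
          image: phpmyadmin/phpmyadmin:5.2.1
          ports:
            - containerPort: 80
          env:
            - name: PMA_HOST
              value: "<DATABASE DNS>"
            - name: PMA_PORT
              value: "<DB PORT>"
            - name: PMA_ABSOLUTE_URI
              value: "https://<My Database URL>/database/"
            # "0" keeps the arbitrary-server field off, so the UI can only
            # target PMA_HOST.
            - name: PMA_ARBITRARY
              value: "0"
          # NOTE(review): Kubernetes does not guarantee that postStart finishes
          # before the container starts serving, so early requests may see the
          # unpatched files. Shipping these files through a ConfigMap mount or
          # a derived image avoids writing code into the container at runtime.
          lifecycle:
            postStart:
              exec:
                command:
                  - sh
                  - -c
                  - |
                    set -x  # Enable verbose output

                    # Disable username on login screen
                    sed -i 's/name="pma_username"/name="pma_username" disabled="disabled"/g' "/var/www/html/templates/login/form.twig"


                    # Create the directories
                    mkdir -p /etc/phpmyadmin/conf.d
                    mkdir -p /var/www/html/scripts

                    # Create the new config file.
                    # The heredoc delimiter is quoted ('EOF') so the shell writes
                    # the PHP verbatim. With a bare EOF, sh expands $i, $hosts and
                    # $cfg (all unset, hence empty) and the result is not valid PHP.
                    cat <<'EOF' > /etc/phpmyadmin/conf.d/config.signon.inc.php
                    <?php
                    // NOTE(review): signon auth normally also needs 'SignonSession'
                    // (the session name shared with the signon script); 'cookie_name'
                    // does not look like a documented per-server option - confirm
                    // against the phpMyAdmin configuration reference.
                    for ($i = 1; isset($hosts[$i - 1]); $i++) {
                      $cfg['Servers'][$i]['auth_type'] = 'signon';
                      $cfg['Servers'][$i]['SignonURL'] = 'scripts/signon.php';
                      $cfg['Servers'][$i]['cookie_name'] = 'phpMyAdmin_https';
                    }
                    ?>
                    EOF

                    # Create the signon.php script (quoted delimiter, same reason
                    # as above: $_SERVER, $_SESSION and $username must reach the
                    # file unexpanded).
                    cat <<'EOF' > /var/www/html/scripts/signon.php
                    <?php
                    session_start();

                    // The header below is only trustworthy when every request
                    // reaches this pod through the ingress that sets it; a client
                    // that can reach the Service directly can send its own value.
                    // NOTE(review): limit pod ingress to the ingress controller
                    // (for example with a NetworkPolicy).
                    if (isset($_SERVER['HTTP_X_AUTH_REQUEST_EMAIL'])) {
                      $username = $_SERVER['HTTP_X_AUTH_REQUEST_EMAIL'];

                      // NOTE(review): phpMyAdmin's signon auth reads
                      // PMA_single_signon_user / PMA_single_signon_password from the
                      // session named by 'SignonSession'. This script uses the
                      // default session name and a 'pma_username' key, so phpMyAdmin
                      // would find no credentials and send the browser back to
                      // SignonURL - consistent with the reported redirect loop.
                      // Confirm, and decide where the database password comes from.
                      $_SESSION['pma_username'] = $username;

                      // Log the outcome only. Dumping all of $_SERVER would also
                      // write the request's Cookie header (including the proxy's
                      // session cookie) and any Authorization header to the log.
                      error_log("signon.php: X-Auth-Request-Email present, redirecting to /database/");
                      header("Location: /database/");
                      exit;
                    } else {
                      // Header missing: the request did not come through the
                      // authenticated ingress path.
                      error_log("signon.php: X-Auth-Request-Email header missing");
                      die("Access denied: Not authenticated by OAuth2-Proxy");
                    }
                    ?>
                    EOF

                    # Change ownership to www-data.
                    # NOTE(review): this lets the web-server user rewrite the signon
                    # script and config; root-owned, world-readable files would be
                    # enough for PHP to read them - confirm before changing.
                    chown -R www-data:www-data /etc/phpmyadmin/conf.d
                    chown -R www-data:www-data /var/www/html/scripts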

phpmyadmin-ingress.yaml

# Ingress that publishes phpMyAdmin under /database/ and delegates
# authentication of every request to OAuth2-Proxy via ingress-nginx's
# external-auth annotations.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: phpmyadmin-ingress
  namespace: default
  annotations:
    # Forward only the second capture group of the path regex below, so
    # /database/foo reaches the backend as /foo.
    nginx.ingress.kubernetes.io/rewrite-target: /$2
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
    # Auth subrequest target: the in-cluster OAuth2-Proxy service, plain HTTP.
    nginx.ingress.kubernetes.io/auth-url: http://oauth2-proxy.ingress-nginx.svc.cluster.local/oauth2/auth
    # Where unauthenticated browsers are sent; rd carries the return URL.
    # NOTE(review): rd is built from the unescaped $request_uri, so a query
    # string in the original request would be split into separate parameters
    # of /oauth2/start. ingress-nginx offers $escaped_request_uri for this -
    # confirm and consider rd=$escaped_request_uri.
    nginx.ingress.kubernetes.io/auth-signin: https://<My Database URL>/oauth2/start?rd=https://$host$request_uri
    # Only this header from the auth response is copied onto the request sent
    # to phpMyAdmin; it is the identity that signon.php trusts.
    nginx.ingress.kubernetes.io/auth-response-headers: "X-Auth-Request-Email"

spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - <My Database URL>
      secretName: <TLS SECRET>
  rules:
    - host: <My Database URL>
      http:
        paths:
          # Regex path: group 1 is the "/" or end-of-string after /database,
          # group 2 is the remainder used by rewrite-target.
          - path: /database(/|$)(.*)
            pathType: ImplementationSpecific
            backend:
              service:
                # NOTE(review): the Service manifest is not shown; the OAuth2-Proxy
                # values reference "phpmyadmin.default.svc.cluster.local" instead -
                # confirm which Service name actually exists.
                name: phpmyadmin-service
                port:
                  number: 80

oidc-values.yaml

# Helm values for the OAuth2-Proxy chart: OIDC provider settings, cookie
# policy, extra CLI flags and the /oauth2 ingress.
config:
  existingSecret: oauth2-secret # includes client-id, client-secret, and cookie-secret

  # Review notes on the embedded config file (kept outside the block scalar
  # so the file text handed to OAuth2-Proxy is unchanged):
  # - email_domains = ["*"] accepts every identity the IdP authenticates;
  #   authorization then rests entirely on the IdP's own access rules.
  # - scope is "openid" only while user_id_claim is "mail".
  #   NOTE(review): assumes the IdP returns a "mail" claim without the
  #   email/profile scopes - confirm.
  # - pass_access_token, pass_authorization_header and
  #   set_authorization_header hand OAuth tokens to the upstream / auth
  #   response. The signon script on this page reads only
  #   X-Auth-Request-Email; consider disabling the ones that are unused.
  # - upstreams makes OAuth2-Proxy a reverse proxy as well, while the
  #   phpMyAdmin Ingress uses it only for auth subrequests.
  #   NOTE(review): confirm both modes are intended.
  configFile: |
    provider = "oidc"
    set_xauthrequest = true
    oidc_issuer_url = "https://<IDP URL>/oidc/<My Database URL>"
    email_domains = ["*"]
    cookie_secure = true
    upstreams = ["http://phpmyadmin.default.svc.cluster.local"]
    redirect_url = "https://<My Database URL>/oauth2/callback"
    #scope = "openid email profile"
    scope = "openid"
    profile_url = "https://<IDP URL>/oidc/<My Database URL>/userinfo"
    user_id_claim = "mail"
    pass_access_token = true
    pass_authorization_header = true
    pass_user_headers = true
    set_authorization_header = true
    cookie_domains = "<My Database URL>"
    #cookie_name = "_oauth2_proxy"
    cookie_refresh = "2m"
    cookie_expire = "24h"
    cookie_csrf_per_request= true
    cookie_csrf_expire = "5m"

# Extra command-line flags. --cookie-secure and --user-id-claim repeat
# settings already present in configFile above.
extraArgs:
  - --cookie-secure=true
  - --cookie-samesite=lax
  # Restricts post-login redirect targets (the rd parameter) to this host.
  - --whitelist-domain=<My Database URL>
  - --skip-provider-button
  - --user-id-claim=mail

# Exposes the proxy's /oauth2 endpoints on the same host as phpMyAdmin.
ingress:
  enabled: true
  annotations:
    # NOTE(review): this annotation is the older way to select an ingress
    # class (spec.ingressClassName replaces it) - check what the chart supports.
    kubernetes.io/ingress.class: nginx
  hosts:
    - <My Database URL>
  path: /oauth2