1

The requirements are:

  1. Use http://localhost and then redirect to complete OAuth process and redirect back.
  2. Use Chrome with default settings. I know I can just change some flags to fix this.
  3. Use the .NET Core library for Auth Code Grant. I also know I can write my own code for this.

You can see all our code in this repo and here is a direct link to startup.cs.

The cookie related code in there is this:

services.Configure<CookiePolicyOptions>(options =>
        {
            // This lambda determines whether user consent for non-essential cookies is needed for a given request.
            options.CheckConsentNeeded = context => true;
            options.MinimumSameSitePolicy = SameSiteMode.None;
        });

I tried to either remove the above code or change it in different ways - no go. I also read this article and tried to use the code that was offered in there - didn't work. I also tried all of the different solutions offered on this thread. Again, nothing seemed to work. Is there any option to still use http and samesite cookies with Chrome and prevent .NET Core from giving me this error?

Inbar Gazit
  • 12,566
  • 1
  • 16
  • 23

1 Answers1

0

Could you capture and post the Authorization Code Grant request and response details? It is not clear whether or not your problem is related to SSL.

ASIDE: REAL WORLD OAUTH DEVELOPER SETUP

When working with OAuth tech, I always run with real world URLs on a developer PC:

This results in fewest technical / trust issues - I never use URLs such as http://localhost:3000.

It is not too difficult and this approach may resolve your issues - if it helps here are a few resources:

Gary Archer
  • 22,534
  • 2
  • 12
  • 24
  • Gary, thank you but this is an absolute requirement of this one - we must use localhost. I wrote this very early in the question. This is not a real world project, it's an educational project to help beginner developers. So your answer didn't really help, but I still appreciate it. – Inbar Gazit Sep 04 '20 at 15:54