Chris Ross

SameSite=None is required for almost all OIDC flows, which means https & secure are now required as well. An OIDC sign-in should have been using HTTPS in the past to...

@psteniusubi SameSite=None is required for the default OIDC flows. Disabling it isn't going to work. For local testing you either need to use https or to disable the same site...

Sorry, I should have prefaced this discussion with a few points: - This project is not in active development. We make only critical security and compatibility fixes here. All feature...

@shirhatti can you follow up here? Note https://github.com/aspnet/AspNetCoreModule/releases is obsolete.

Would that be dynamically per tenant? This component is not designed for multi-tenancy and we have no plans to add it. For a small number of tenants you can add...

Middleware aren't per-user, they're for the whole application. The client id and secret aren't user specific, right? If there really are only two providers then you should add them both...

> Yes, it's for the whole application and I have that use case as well. It's just those settings are required to be stored at database level. So how could...

> i will take a look on the links you have provided but i afraid those will not be useful as it is related to Asp.net Core. I am using...

Rather than trying to change the handler implementation, it seems better to set the OpenIdConnectAuthenticationOptions.AuthenticationMode to Passive so it doesn't trigger by default on your API calls. Have you tried...

The two code bases have been merged in IISIntegration.