wp-api-jwt-auth

JWT Token / Auth Cookie add SameSite attribute and Secure flag to cookie.

Open webgurus opened this issue 11 months ago • 0 comments

Hello,

I have an issue that I'm blocked by: the JWT auth token generation uses wp_authenticate for logging in the user. The problem with this is that I'm trying to use the WP site in an iframe on another platform, and the JWT cookie that is required for subsequent API calls (using Authentication: Bearer <TOKEN>) is failing. It gives a 401 error on the API endpoints.

Based on some research, the cookies need to have SameSite:none and Secure: true attributes for this to work, but I'm not sure how and where to set these on the Token Cookie.

Can you point me in the right direction on how to allow this to work in an IFRAME?

Thanks, Marton

webgurus, Mar 04 '24 11:03
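
The SameSite and Secure requirement raised in the issue above can be checked against a site's actual `Set-Cookie` response headers. The following is an added example, not part of the original issue or the plugin's code; the function names and sample header values are constructed, and it assumes a browser that treats a missing SameSite attribute as Lax and rejects `SameSite=None` without `Secure`.

```javascript
// Added example. Header values below are constructed samples, not plugin output.
// Assumption: the browser treats a missing SameSite attribute as Lax and
// rejects SameSite=None cookies that lack Secure.

function parseSetCookie(header) {
  const [pair, ...rest] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const attrs = {};
  for (const attr of rest) {
    if (!attr) continue;
    const i = attr.indexOf('=');
    const key = (i < 0 ? attr : attr.slice(0, i)).trim().toLowerCase();
    attrs[key] = i < 0 ? true : attr.slice(i + 1).trim();
  }
  return { name: eq < 0 ? pair : pair.slice(0, eq), attrs };
}

// Decide whether the cookie would accompany a request made from a cross-site iframe.
function crossSiteVerdict(header) {
  const { name, attrs } = parseSetCookie(header);
  const sameSite = typeof attrs.samesite === 'string' ? attrs.samesite.toLowerCase() : '';
  const secure = attrs.secure === true;
  if (sameSite === 'none') {
    return secure
      ? { name, sent: true, reason: 'SameSite=None with Secure' }
      : { name, sent: false, reason: 'SameSite=None without Secure is rejected' };
  }
  if (sameSite === 'lax' || sameSite === 'strict') {
    return { name, sent: false, reason: `SameSite=${sameSite} is withheld in cross-site frames` };
  }
  return { name, sent: false, reason: 'missing or unrecognised SameSite, treated as Lax' };
}

// Return only the cookies that an embedded (iframe) session would lose.
function auditForIframe(headers) {
  return headers.map(crossSiteVerdict).filter((v) => !v.sent);
}

const sampleHeaders = [
  'auth_example=abc; Path=/; HttpOnly',
  'auth_example2=abc; Path=/; Secure; HttpOnly; SameSite=Lax',
  'auth_example3=abc; Path=/; HttpOnly; SameSite=None',
  'auth_example4=abc; Path=/; Secure; HttpOnly; SameSite=None',
];

for (const v of auditForIframe(sampleHeaders)) {
  console.log(`${v.name}: not sent cross-site (${v.reason})`);
}
```

A cookie that passes this check can still be withheld by browsers configured to block third-party cookies entirely.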