Support For Chrome Cookie Extensions (CHIPS)

[jeffshirley]

Similarly to the SameSite extension a few years ago, Google is planning to imminently change the default handling of third party cookies in Chrome (see https://developers.google.com/privacy-sandbox/3pcd/chips for more information). In many use cases and scenarios involving framing a widget or similar in an external site, this will be required for third party cookies to continue to work on Chrome (for non-tracking purposes). They plan to enable this for 1% of users imminently. We still have some applications on .NET 4.x using ASPNetIdentity and this support is fairly crucial for some of our embedding scenarios where our site is embedded in a third party site (not for advertising, but for functionality). We need support for adding the "Partitioned" attribute to auth cookies to allow them to continue to be set in these use cases.

It appears that this has been addressed in the Core Identity library, but not the 4.x version: https://github.com/dotnet/aspnetcore/issues/39968

I'd propose that a new CookiePartitioned property be added to the CookieAuthenticationOptions class, and then used to send this attribute if true.

If there is some workaround to allow setting this additional attribute without adding an explicit property, I'd be open to hearing about it.