LS-Login was broken, because with a SameSite=strict cookie, cookies are not sent immediately following a redirect, so Rails creates a new session for the user which does not have the stored OAuth2 state or nonce, causing verification to fail.
Checklist
[x] I have read and followed the CONTRIBUTING guide.
[x] I confirm that I have the authority necessary to make this contribution on behalf of its copyright owner and agree
to license it to the TeSS codebase under the
BSD license.
Summary of changes
Motivation and context
LS-Login was broken, because with a
SameSite=strictcookie, cookies are not sent immediately following a redirect, so Rails creates a new session for the user which does not have the stored OAuth2 state or nonce, causing verification to fail.Checklist