Open feugen24 opened 2 years ago
Triage: Let's document this behavior in the docs to help others who will hit the same thing.
Might also consider changing the default for the External cookie to having SameSite None.
Thanks for contacting us.
We're moving this issue to the .NET 7 Planning milestone for future evaluation / consideration. We would like to keep this around to collect more feedback, which can help us with prioritizing this work. We will re-evaluate this issue during our next planning meeting(s).
If we later determine that the issue has no community involvement, or that it's a very rare and low-impact issue, we will close it, so that the team can focus on more important and high-impact issues.
To learn more about what to expect next and how this issue will be handled you can read more about our triage process here.
Thanks for contacting us.
We're moving this issue to the .NET 8 Planning milestone for future evaluation / consideration. We would like to keep this around to collect more feedback, which can help us with prioritizing this work. We will re-evaluate this issue during our next planning meeting(s).
If we later determine that the issue has no community involvement, or that it's a very rare and low-impact issue, we will close it, so that the team can focus on more important and high-impact issues.
To learn more about what to expect next and how this issue will be handled you can read more about our triage process here.
Is there an existing issue for this?
Describe the bug
I'm working on an ASP.NET Core (.NET 5, Authentication v5.0.13 packages) app that uses Google login. All seemed to be working OK until I noticed Android login from Chrome no longer works.
This happened only when there are multiple logon accounts on mobile, both Android and Safari on iPad (Android Chrome/Settings: click on your account, add account). If I remove accounts and leave only one, it works again.
The problem:
When the /signin-google?state= path is called for a single account, I have "Referer: https://my-site.com/" in the request header, but when there are multiple accounts it introduces the account pick screen and that changes it to "Referer: https://accounts.google.com/". Because of this, the "Identity.External" cookie from the response is ignored because it has samesite=lax (see attached pic).
The next request is to ExternalLogin with no "Identity.External" cookie, so "await _signInManager.GetExternalLoginInfoAsync();" will return null.
The fix: same as issue 318
I could not find this in docs or issues from other users, and it was very difficult to debug (~3 days) but the problem seems very general so maybe I'm missing something.
Expected Behavior
Google login should work with multiple accounts.
Steps To Reproduce
I assume a basic .net 5 (not sure about 6), nuget for authentication libs v5.0.13, project with Google authentication, multiple google accounts but without the code:
Exceptions (if any)
await _signInManager.GetExternalLoginInfoAsync(); returns null
.NET Version
5
Anything else?
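An added example, not code from the issue or from the ASP.NET Core project: one way to apply the SameSite None change the triage comment mentions to the Identity.External cookie, together with a middleware that logs a callback arriving without that cookie. The `Startup` layout, the `ExternalCallbackPath` value, the `handler=Callback` query check (taken from the default scaffolded Identity UI) and the log message are assumptions.

```csharp
// Added example (not from the issue): Startup.cs fragment for an ASP.NET Core Identity app.
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;

public class Startup
{
    // Assumption: route of the page that calls GetExternalLoginInfoAsync().
    private const string ExternalCallbackPath = "/Identity/Account/ExternalLogin";

    public void ConfigureServices(IServiceCollection services)
    {
        // Assumed to be registered above this point: Identity and
        // AddAuthentication().AddGoogle(...).

        // Behaviour described in the issue: Identity.External is issued as SameSite=Lax.
        // Changed setting: SameSite=None, which browsers accept only together with Secure.
        services.ConfigureExternalCookie(options =>
        {
            options.Cookie.SameSite = SameSiteMode.None;
            options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
            options.Cookie.HttpOnly = true;
        });
    }

    public void Configure(IApplicationBuilder app, ILogger<Startup> logger)
    {
        // Diagnostic: surface the "GetExternalLoginInfoAsync() returns null" case
        // by logging callbacks that arrive without the external cookie.
        app.Use(async (context, next) =>
        {
            var isCallback =
                context.Request.Path.StartsWithSegments(ExternalCallbackPath) &&
                context.Request.Query["handler"] == "Callback"; // assumption: default UI
            var hasCookie =
                context.Request.Cookies.ContainsKey(IdentityConstants.ExternalScheme);
            if (isCallback && !hasCookie)
            {
                logger.LogWarning(
                    "External login callback without {Cookie} cookie. Referer: {Referer}",
                    IdentityConstants.ExternalScheme,
                    context.Request.Headers["Referer"].ToString());
            }
            await next();
        });
        // Assumed rest of the pipeline: routing, authentication, authorization, endpoints.
    }
}
```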