The SetJwtCookieMiddleware skips setting (and deleting) the JWT cookie when the configured authentication provider does not match the one from the authenticated token.
Since these options are configured globally this will lead to the middleware to skip setting the cookie when multiple OIDC services are configured.
The
SetJwtCookieMiddleware
skips setting (and deleting) the JWT cookie when the configured authentication provider does not match the one from the authenticated token. Since these options are configured globally this will lead to the middleware to skip setting the cookie when multiple OIDC services are configured.Steps to reproduce
Expected behavior
After the OIDC redirect, a cookie "some-cookie-name" is set containing the JWT
Actual behavior
Depending on the loading order the cookie is only set for one of the services