Merge pull request 'Refactored to deal with cookie hell' (#82) from payments into master

Reviewed-on: #82

LiteCharms.Features/Extensions/Api.cs

@@ -42,18 +42,13 @@ public static class Api
             options.Scope.Add("profile");
             options.Scope.Add("email");
 
-            options.Events = new OpenIdConnectEvents
-            {
-                OnRedirectToIdentityProvider = context =>
-                {
-                    var fallbackUri = context.ProtocolMessage.RedirectUri;
+            options.CorrelationCookie.SecurePolicy = CookieSecurePolicy.Always;
+            options.CorrelationCookie.SameSite = SameSiteMode.None;
+            options.CorrelationCookie.HttpOnly = true;
 
-                    if (fallbackUri.StartsWith("http://", StringComparison.OrdinalIgnoreCase))
-                        context.ProtocolMessage.RedirectUri = fallbackUri.Replace("http://", "https://", StringComparison.OrdinalIgnoreCase);
-
-                    return Task.CompletedTask;
-                }
-            };
+            options.NonceCookie.SecurePolicy = CookieSecurePolicy.Always;
+            options.NonceCookie.SameSite = SameSiteMode.None;
+            options.NonceCookie.HttpOnly = true;
         });
 
         return services;