Google external login problem some browsers

Question

User1230559574 posted

Using ASP.NET Core 3.1-Identity 3.1-Nginx-Ubuntu, I have a web app with no problem on Google sign-in oauth2 while on localhost/IIS.

When transfer application to Ubuntu/Nginx(reverse proxy) , Mozilla Firefox is good but I have error/warning using chrome and opera browsers:

WARN|Microsoft.AspNetCore.Authentication.Google.GoogleHandler|'.AspNetCore.Correlation.Google.???' cookie not found.
ERROR|An error was encountered while handling the remote login.
 ---> System.Exception: Correlation failed.

I tried to modify my Nginx headers, but I do not know if it is related to Nginx, cuz it is good in Mozilla-firefox.

This is my Startup.cs :

public void ConfigureServices(IServiceCollection services)
{
 services.PostConfigure<CookieAuthenticationOptions> (IdentityConstants.ApplicationScheme, option =>
   {
       option.Cookie.Name = "myApp_2"; //Login Cookie
       option.ExpireTimeSpan = TimeSpan.FromDays(30);
   });

  services.AddAuthentication().AddGoogle(options =>
    {
        options.ClientId = "???.apps.googleusercontent.com";
        options.ClientSecret = "???";
    })
.   .   .

Any hint is appreciable. I'm in local yet and not using HTTPS/SSL.

location / {
        proxy_pass         http://localhost:5002;
        proxy_http_version 1.1;
	Proxy_set_header   Upgrade $http_upgrade;
        proxy_set_header   Connection keep-alive;
        proxy_set_header   Host $host;
        proxy_cache_bypass $http_upgrade;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto $scheme;
}

Update 1: when I add the following to my startup.cs, the problem resolved but do know nothing about it ! 

        private void CheckSameSite(HttpContext httpContext, CookieOptions options)
        {
            if (options.SameSite == Microsoft.AspNetCore.Http.SameSiteMode.None)
            {
                var userAgent = httpContext.Request.Headers["User-Agent"].ToString();
                // TODO: Use your User Agent library of choice here. 
                if (true)
                {
                    options.SameSite = Microsoft.AspNetCore.Http.SameSiteMode.Unspecified;
                }
            }
        }
  
        public void ConfigureServices(IServiceCollection services)
        {
           
            services.Configure<CookiePolicyOptions>(options =>
            {
                options.MinimumSameSitePolicy = Microsoft.AspNetCore.Http.SameSiteMode.Unspecified;
                options.OnAppendCookie = cookieContext =>
                    CheckSameSite(cookieContext.Context, cookieContext.CookieOptions);
                options.OnDeleteCookie = cookieContext =>
                    CheckSameSite(cookieContext.Context, cookieContext.CookieOptions);
            });
            
        }

        public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
        {
           
            app.UseCookiePolicy();
	}

Answer 1

User-474980206 posted

You should use the browsers network trace to see why the cookie is dropped.

Answer 2

User1230559574 posted

Thanks for replying. I found that update 1 , modifying `SameSiteMode` could resolve the problem though I couldn't understand what's happenning in side the code !! 

I traced the cookie in developer, in firefox and opera. Some cookie related to https://accounts.google.com maybe are lost within the external login process.

Answer 3

User-474980206 posted

chrome changed its security policy for cookies. 

  https://web.dev/samesite-cookies-explained/