From 55186d34e5885abaef860e055e7e7957e1961b2d Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Sun, 12 Oct 2025 19:34:07 +0000
Subject: [PATCH 1/2] Initial plan

From b33bf9074355ae265ae0ce2d47033621d18db17e Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Sun, 12 Oct 2025 19:42:36 +0000
Subject: [PATCH 2/2] Fix OAuth state error by configuring proper cookie settings for external authentication

Co-authored-by: BenjaminMichaelis <22186029+BenjaminMichaelis@users.noreply.github.com>
---
 EssentialCSharp.Web/Program.cs | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/EssentialCSharp.Web/Program.cs b/EssentialCSharp.Web/Program.cs
index 1b83f672..65f6880d 100644
--- a/EssentialCSharp.Web/Program.cs
+++ b/EssentialCSharp.Web/Program.cs
@@ -10,6 +10,7 @@
 using EssentialCSharp.Web.Services;
 using EssentialCSharp.Web.Services.Referrals;
 using Mailjet.Client;
+using Microsoft.AspNetCore.Authentication.Cookies;
 using Microsoft.AspNetCore.HttpOverrides;
 using Microsoft.AspNetCore.Identity;
 using Microsoft.AspNetCore.Identity.UI.Services;
@@ -104,6 +105,22 @@ private static void Main(string[] args)
 options.Cookie.HttpOnly = true;
 options.ExpireTimeSpan = TimeSpan.FromMinutes(60);
 options.SlidingExpiration = true;
+ // Configure cookie settings for OAuth flows
+ options.Cookie.SameSite = SameSiteMode.Lax;
+ options.Cookie.SecurePolicy = builder.Environment.IsDevelopment()
+ ? CookieSecurePolicy.SameAsRequest
+ : CookieSecurePolicy.Always;
+ });
+
+ // Configure external authentication cookies for OAuth state management
+ builder.Services.Configure(IdentityConstants.ExternalScheme, options =>
+ {
+ options.Cookie.SameSite = SameSiteMode.Lax;
+ options.Cookie.SecurePolicy = builder.Environment.IsDevelopment()
+ ? CookieSecurePolicy.SameAsRequest
+ : CookieSecurePolicy.Always;
+ // Increase correlation cookie expiration to handle slow OAuth flows
+ options.ExpireTimeSpan = TimeSpan.FromMinutes(15);
 });
 
 if (builder.Environment.IsDevelopment())
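Review bot: The comment `// Increase correlation cookie expiration to handle slow OAuth flows` does not match what the line below it configures: `options.ExpireTimeSpan` on `IdentityConstants.ExternalScheme` sets the lifetime of the external sign-in cookie, not of the OAuth correlation (state) cookie, assuming the options type here is the cookie authentication options (the generic argument is not visible on this page). The correlation cookie belongs to each remote handler and is configured on that provider's options through `CorrelationCookie` and `RemoteAuthenticationTimeout`, so if the state error comes from that cookie this block may leave it unchanged. I would either move the setting there or reword the comment to `// Lifetime of the external sign-in cookie that carries the provider's identity until local sign-in completes`, and keep the value as short as the flow allows, since a longer value widens the window in which that cookie is accepted. The `SecurePolicy` ternary is also written out twice and could be one local, `var securePolicy = builder.Environment.IsDevelopment() ? CookieSecurePolicy.SameAsRequest : CookieSecurePolicy.Always;`. Main's body starts and ends outside the hunk.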