[Bug] NonceCookie and CorrelationCookie configurations provided in AddMicrosoftIdentityWebApp are not honored

[vh-vahan]

Which version of Microsoft Identity Web are you using? 1.12.0
Note that to get help, you need to run the latest version.

Where is the issue? AddMicrosoftIdentityWebApp method accepts Action to configure the MicrosoftIdentityOptions. MicrosoftIdentityOptions inherits from OpenIdConnectOptions, so it is possible to configure the Nonce cookie and Correlation cookie using the NonceCookie and CorrelationCookie properties that return CookieBuilder(for example change the samesite or secure settings). Though what i can see is that the provided configuration is ignored and the default is being returned as defined in the OpenIdConnectOptions.

• Web app
  • Sign-in users
  • Sign-in users and call web APIs
• Web API
  • Protected web APIs (validating tokens)
  • Protected web APIs (validating scopes)
  • Protected web APIs call downstream web APIs
• Token cache serialization
  • In-memory caches
  • Session caches
  • Distributed caches
• Other (please describe)

Is this a new or an existing app? This is a new app

Repro

Expected behavior
A clear and concise description of what you expected to happen (or code).
Nonce and Correlation cookies set in response should have the provided configuration(secure, samesite)

Actual behavior
A clear and concise description of what happens, e.g. an exception is thrown, UI freezes.
Nonce and Correlation cookies have the defaults set in OpenIdConnectOptions constructor

Possible solution

Additional context / logs / screenshots
Add any other context about the problem here, such as logs and screenshots.

[jennyf19]

@vh-vahan do you mind trying this branch to see if the issue is resolved?

[jennyf19]

Included in 1.16 release