Token missing after initial redirect

[fero1xd]

It seems that after being redirected from /callback to /, the access and refresh tokens are not present in the request. However, after the initial redirect, every subsequent request appears to include the tokens. I'm not very familiar with Astro, so this might be something specific to the framework. Here are some screenshots.

This results in user getting redirected back to the authorize page.

[adpadillar]

i got a similar problem in nextjs and i fixed it by using sameSite: "lax" instead of "strict" while setting the cookies.

export async function setTokens(access: string, refresh: string) {
  const c = await cookies();

  c.set("access_token", access, {
    httpOnly: true,
    sameSite: "lax", // strict breaks?
    path: "/",
    maxAge: 34560000,
  });

  c.set("refresh_token", refresh, {
    httpOnly: true,
    sameSite: "lax",
    path: "/",
    maxAge: 34560000,
  });
}

might be good to open a pr to update the astro example if people get confused by this? that's how i ended up with the same problem

related: vercel/next.js#17612

[ripley]

might be good to open a pr to update the astro example if people get confused by this? that's how i ended up with the same problem

related: vercel/next.js#17612

Yeah not only astro, I ran into the same issue with the Lambda example.