Channel: Azure Active Directory forum

iOS 12 Safari breaks ASP.NET Core 2.1 OIDC authentication


--

When authenticating with ASP.NET Core 2.0 with OpenID Connect, the Identity cookie doesn't seem to be set when returning from the IdP, which results in a redirect loop. This same process works with iOS 11.

1. Visit site, access some protected resource
2. Set nonce, redirect to IdP
3. Authenticate at IdP
4. Return back with POST request
5. Validate id_token, set identity cookie with samesite=lax policy
6. Redirect to the protected resource
7. Check for identity cookie - missing, return to step 2

I tested the same flow on PC (Edge, Firefox, Chrome) and everything works fine. Any idea why Safari treats this case differently? This is probably going to affect quite a lot of users accessing Microsoft's own services as well - once again, this site works just fine on Chrome or Edge.

--

By Jan Hajek see: https://bugs.webkit.org/show_bug.cgi?id=188165
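
The symptom in steps 5 to 7 can be confirmed from a captured trace of the requests the browser sends to the application. The following check is an added example, not part of the original post: the cookie name `.AspNetCore.Cookies`, the callback path `/signin-oidc`, the host `idp.example` and the trace itself are assumptions constructed for illustration.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

AUTH_COOKIE = ".AspNetCore.Cookies"  # assumed name of the identity cookie
IDP_HOST = "idp.example"             # placeholder IdP host

def sample_trace(cookie_returned):
    """Constructed app-side exchanges for steps 1-7 of the post."""
    auth = f"{AUTH_COOKIE}=abc" if cookie_returned else ""
    return [
        {"method": "GET", "path": "/protected", "cookie": "",
         "set_cookie": "nonce=N; path=/; secure; httponly",
         "location": f"https://{IDP_HOST}/authorize"},
        {"method": "POST", "path": "/signin-oidc", "cookie": "nonce=N",
         "set_cookie": f"{AUTH_COOKIE}=abc; path=/; secure; samesite=lax; httponly",
         "location": "/protected"},
        {"method": "GET", "path": "/protected", "cookie": auth,
         "set_cookie": "",
         "location": "" if cookie_returned else f"https://{IDP_HOST}/authorize"},
    ]

def analyse(exchanges):
    """Report identity cookies that were set but missing on the next request."""
    dropped, idp_redirects, pending = [], 0, None
    for i, ex in enumerate(exchanges):
        sent = set(SimpleCookie(ex["cookie"]).keys())
        # Step 7: the previous response set the cookie, this request lacks it.
        if pending is not None and AUTH_COOKIE not in sent:
            dropped.append(pending)
        pending = None
        issued = SimpleCookie(ex["set_cookie"])
        if AUTH_COOKIE in issued:
            # Step 5: remember where it was set and with which SameSite value.
            pending = (i, issued[AUTH_COOKIE]["samesite"] or "unset")
        # Steps 2 and 7: each redirect to the IdP is one challenge.
        if urlsplit(ex["location"]).hostname == IDP_HOST:
            idp_redirects += 1
    return {"dropped": dropped, "idp_redirects": idp_redirects,
            "loop": bool(dropped) and idp_redirects > 1}

if __name__ == "__main__":
    print("failing flow:", analyse(sample_trace(cookie_returned=False)))
    print("working flow:", analyse(sample_trace(cookie_returned=True)))
```

A non-empty `dropped` list together with more than one IdP redirect matches the loop described in the post; an empty list means the browser returned the cookie after the callback.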

