Client and server on different domains - No correlation cookie with the specified state can be found

Confirm you’ve already contributed to this project or that you sponsor it

• I confirm I’m a sponsor or a contributor

Version

4.x (in preview)

Question

Hi,

I modified the Velusia sample (latest dev branch) so that:

• the client runs on http://b.local2:44338
• the server runs on http://a.local1:44313

(b.local2 and a.local1 point to 127.0.0.1 in etc/hosts)

I also disabled TransportSecurityRequirement so it runs on http for testing and I will need http also in the staging environment.

Everything works fine until callback/login is called on the client and it fails with:

error:invalid_request
error_description:No correlation cookie associated with the specified state can be found. Please try logging in again. If the error persists, please contact the website owner.
error_uri:https://documentation.openiddict.com/errors/ID2129

I also noticed, that it works fine, if the client runs on http://localhost:44338 but fails if it is on a different domain (http://b.local2:44338 ).

I did also try to add

   services.ConfigureApplicationCookie(options =>
        {
            options.Cookie.SameSite = Microsoft.AspNetCore.Http.SameSiteMode.None;
        });

On client and the server. Am I missing something? Kind regards, Miha