Add new extension method that accepts a cookie manager.

[hammypants]

One cannot set the ICookieManager used by the underlying OpenIdConnectMiddleware. Instead of aborting out of the provided extension methods from Okta and referring to the source for partial reimplementation, just expose the ability to set it. Please see this reference from Microsoft.

I don't actually care if this gets merged, or if it is done in exactly this manner. I could not tell whether this way was preferable to exposing a new option, so I arbitrarily picked this one. This is just a non-API breaking example that fulfills my request.

If some way to expose the underlying ICookieManager is deemed out of scope or whatever, at the very least, some guidance in the documentation enlightening devs to implement their own extension methods or implementing Okta integration manually with OpenIdConnectMiddleware should be added.

I'm also doing this in part because doing a quick google search against the kinds of issues the reference above creates combined with the term "Okta" shows me a bunch of forum discussions where people are creating Session_Start() hacks and other things that make me yell "no!"

[bryanapellanes-okta]

@hammypants,
Thanks for reaching out! We will review your request internally to determine how best to address your concern. We'll comment here when there's more.

Thanks for using Okta!

[laura-rodriguez]

Hi @hammypants,

Can you just use the CookieMiddleware provided by the framework and set your CookieManager before adding the Okta middleware? Something like this:

   app.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                // ...
                CookieManager = new MyCookieManager()
            });

This is the approach that usually people follow. Let us know if this helps. Thank you!

[laura-rodriguez]

Closing due to lack of activity. Feel free to reopen if this is still an issue.