From 0e6fb41973b63b6fb9260851a2b2a9e8312e7729 Mon Sep 17 00:00:00 2001
From: szabto
Date: Wed, 22 May 2024 16:38:43 +0200
Subject: [PATCH] Added possibility to configure SAMESITE property of the id token cookie

---
 flask_oidc/__init__.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/flask_oidc/__init__.py b/flask_oidc/__init__.py
index 5ca54a41..22fa6fc6 100644
--- a/flask_oidc/__init__.py
+++ b/flask_oidc/__init__.py
@@ -138,6 +138,7 @@ def init_app(self, app):
         app.config.setdefault('OIDC_GOOGLE_APPS_DOMAIN', None)
         app.config.setdefault('OIDC_ID_TOKEN_COOKIE_NAME', 'oidc_id_token')
         app.config.setdefault('OIDC_ID_TOKEN_COOKIE_PATH', '/')
+        app.config.setdefault('OIDC_ID_TOKEN_COOKIE_SAMESITE', 'Lax')
         app.config.setdefault('OIDC_ID_TOKEN_COOKIE_TTL', 7 * 86400)  # 7 days
         # should ONLY be turned off for local debugging
         app.config.setdefault('OIDC_COOKIE_SECURE', True)
@@ -394,6 +395,7 @@ def _after_request(self, response):
             response.set_cookie(
                 current_app.config['OIDC_ID_TOKEN_COOKIE_NAME'],
                 signed_id_token,
+                samesite=current_app.config['OIDC_ID_TOKEN_COOKIE_SAMESITE'],
                 secure=cookie_secure,
                 httponly=True,
                 max_age=current_app.config['OIDC_ID_TOKEN_COOKIE_TTL'])
@@ -403,6 +405,7 @@ def _after_request(self, response):
                 current_app.config['OIDC_ID_TOKEN_COOKIE_NAME'],
                 '',
                 path=current_app.config['OIDC_ID_TOKEN_COOKIE_PATH'],
+                samesite=current_app.config['OIDC_ID_TOKEN_COOKIE_SAMESITE'],
                 secure=cookie_secure,
                 httponly=True,
                 expires=0)
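Review bot: The new `OIDC_ID_TOKEN_COOKIE_SAMESITE` value added in the `init_app` hunk is never validated, so a typo such as `'lax '` or `'strict'` only surfaces as a `ValueError` from Werkzeug's `set_cookie` inside `_after_request` on the first response that sets or clears the token cookie, i.e. as a 500 in production rather than a failure at startup. The same pass-through appears in both `_after_request` hunks (`samesite=current_app.config[...]`), whose enclosing function starts and ends outside the hunks. Related caveat worth a comment next to the new `setdefault`: `SameSite=None` is only honored by browsers together with `Secure`, yet `OIDC_COOKIE_SECURE` can be switched off for local debugging, so that combination silently drops the cookie; and `'Strict'` would, as far as I can tell from the flow, stop the cookie from being sent on the first cross-site arrival after login. Validating once in `init_app` gives a clear error at startup and lets the docs for the new option (the commit adds none) state the accepted values and the `None`/`Secure` coupling.
```python
        app.config.setdefault('OIDC_ID_TOKEN_COOKIE_SAMESITE', 'Lax')
        # Fail fast on bad config instead of a ValueError from set_cookie on
        # the first response; SameSite=None only works together with Secure.
        samesite = app.config['OIDC_ID_TOKEN_COOKIE_SAMESITE']
        if samesite is not None and samesite not in ('Strict', 'Lax', 'None'):
            raise ValueError(
                "OIDC_ID_TOKEN_COOKIE_SAMESITE must be 'Strict', 'Lax', 'None' or None")
        if samesite == 'None' and not app.config.get('OIDC_COOKIE_SECURE', True):
            raise ValueError(
                "OIDC_ID_TOKEN_COOKIE_SAMESITE='None' requires OIDC_COOKIE_SECURE=True")
        # … unchanged: remaining setdefault calls …
```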