Not able to retrieve user profile after signing in with passport-azure-ad and session cookie sameSite strict

Gonzalo Espinosa 20 Reputation points
2024-04-19T18:23:52.4633333+00:00

I am building a NodeJS application with passport-azure-ad and openidconnect strategy for Microsoft login. Despite setting the cookie session sameSite to strict, I'm not getting the user profile after sign-in. It works fine with sameSite=lax.

Microsoft Entra
0 comments No comments
{count} votes

Accepted answer
  1. James Hamil 25,236 Reputation points Microsoft Employee
    2024-04-23T20:33:05.9233333+00:00

    Hi @Gonzalo Espinosa , when the sameSite attribute is set to strict, the browser will only send the cookie in a first-party context, which means that the cookie will only be sent to the same site that set it. This can cause issues with cross-site authentication flows, such as the one used by passport-azure-ad. This document details possible solutions.

    Please let me know if you have any questions and I can help you further.

    If this answer helps you please mark "Accept Answer" so other users can reference it.

    Thank you,

    James

    0 comments No comments

0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.