/// <summary>
/// Signs the user in by building an API authentication token from the principal's first
/// identity and attaching it to the response as two cookies: one holding the raw header
/// and payload, the other holding the raw signature.
/// </summary>
/// <remarks>
/// Both cookies are marked essential, <c>Secure</c> and <c>SameSite=Strict</c>, and expire at
/// the token's <c>ValidTo</c>. Only the signature cookie is <c>HttpOnly</c>; the
/// header-and-payload cookie is readable by client-side script.
/// NOTE(review): this looks like a deliberate split-token layout (claims visible to script,
/// signature withheld from it) - confirm against the matching authenticate handler.
/// </remarks>
/// <param name="user">Principal whose first identity is handed to the token builder.</param>
/// <param name="properties">Not read by this implementation.</param>
/// <returns>An already-completed task; all work here is synchronous.</returns>
/// <exception cref="System.InvalidOperationException">
/// Thrown by <c>First()</c> when <paramref name="user"/> carries no identities.
/// </exception>
protected override Task HandleSignInAsync(ClaimsPrincipal user, AuthenticationProperties properties)
{
    AuthenticationLogMessages.SignInHandling(Logger);

    var primaryIdentity = user.Identities.First();
    var token = _apiAuthenticationTokenBuilder.BuildToken(primaryIdentity);

    // NOTE(review): the token object, the header/payload string and the raw signature are all
    // passed to AuthenticationLogMessages below. What those helpers write, and at which level,
    // is not visible from this method. Header, payload and signature together form the complete
    // token, so confirm the helpers redact them or only log at a level that is off in production.
    AuthenticationLogMessages.AuthenticationTokenBuilt(Logger, token);

    // First cookie: "<header>.<payload>", left readable by script (HttpOnly = false).
    var headerAndPayload = $"{token.RawHeader}.{token.RawPayload}";
    Response.Cookies.Append(
        key: Options.TokenHeaderAndPayloadCookieKey,
        value: headerAndPayload,
        options: BuildCookieOptions(false));
    AuthenticationLogMessages.AuthenticationTokenHeaderAndPayloadAttached(
        Logger,
        Options.TokenHeaderAndPayloadCookieKey,
        headerAndPayload);

    // Second cookie: the signature alone, hidden from script (HttpOnly = true).
    Response.Cookies.Append(
        key: Options.TokenSignatureCookieKey,
        value: token.RawSignature,
        options: BuildCookieOptions(true));
    AuthenticationLogMessages.AuthenticationTokenSignatureAttached(
        Logger,
        Options.TokenSignatureCookieKey,
        token.RawSignature);

    AuthenticationLogMessages.SignInHandled(Logger);

    return Task.CompletedTask;

    // The two cookies share every attribute except HttpOnly; the cookie lifetime is tied to
    // the token's own expiry.
    CookieOptions BuildCookieOptions(bool httpOnly)
    {
        return new CookieOptions()
        {
            IsEssential = true,
            SameSite = SameSiteMode.Strict,
            HttpOnly = httpOnly,
            Secure = true,
            Expires = token.ValidTo
        };
    }
}