From fa4283439e74f1878494ae8733a86ab3cc4c212a Mon Sep 17 00:00:00 2001
From: James Gunn <james@gunn.io>
Date: Mon, 11 May 2026 15:27:57 +0100
Subject: [PATCH] Fix OidcTests on Mac

---
 .../TestAppConfiguration.cs                   | 26 +++++++++++++++----
 1 file changed, 21 insertions(+), 5 deletions(-)

diff --git a/TeachingRecordSystem/src/TeachingRecordSystem.AuthorizeAccess/TestAppConfiguration.cs b/TeachingRecordSystem/src/TeachingRecordSystem.AuthorizeAccess/TestAppConfiguration.cs
index 1fed269bb8..a46f3baf42 100644
--- a/TeachingRecordSystem/src/TeachingRecordSystem.AuthorizeAccess/TestAppConfiguration.cs
+++ b/TeachingRecordSystem/src/TeachingRecordSystem.AuthorizeAccess/TestAppConfiguration.cs
@@ -39,14 +39,22 @@ public static WebApplicationBuilder AddTestApp(this WebApplicationBuilder builde
 
             authBuilder.AddOpenIdConnect(TestAppConfiguration.AuthenticationSchemeName, options =>
             {
-                ConfigureOpenIdConnectOptions(options, TestAppConfiguration.ClientId, TestAppConfiguration.ClientSecret,
-                    TestAppConfiguration.RedirectUriPath, TestAppConfiguration.PostLogoutRedirectUriPath);
+                ConfigureOpenIdConnectOptions(
+                    options,
+                    TestAppConfiguration.ClientId,
+                    TestAppConfiguration.ClientSecret,
+                    TestAppConfiguration.RedirectUriPath,
+                    TestAppConfiguration.PostLogoutRedirectUriPath);
             });
 
             authBuilder.AddOpenIdConnect(DeferredTestAppConfiguration.AuthenticationSchemeName, options =>
             {
-                ConfigureOpenIdConnectOptions(options, DeferredTestAppConfiguration.ClientId, DeferredTestAppConfiguration.ClientSecret,
-                    DeferredTestAppConfiguration.RedirectUriPath, DeferredTestAppConfiguration.PostLogoutRedirectUriPath);
+                ConfigureOpenIdConnectOptions(
+                    options,
+                    DeferredTestAppConfiguration.ClientId,
+                    DeferredTestAppConfiguration.ClientSecret,
+                    DeferredTestAppConfiguration.RedirectUriPath,
+                    DeferredTestAppConfiguration.PostLogoutRedirectUriPath);
             });
         }
         else
@@ -59,7 +67,12 @@ public static WebApplicationBuilder AddTestApp(this WebApplicationBuilder builde
         return builder;
     }
 
-    private static void ConfigureOpenIdConnectOptions(OpenIdConnectOptions options, string clientId, string clientSecret, string callbackPath, string signedOutCallbackPath)
+    private static void ConfigureOpenIdConnectOptions(
+        OpenIdConnectOptions options,
+        string clientId,
+        string clientSecret,
+        string callbackPath,
+        string signedOutCallbackPath)
     {
         options.Authority = "https://localhost:7236";
         options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
@@ -83,6 +96,9 @@ private static void ConfigureOpenIdConnectOptions(OpenIdConnectOptions options,
         options.ClaimActions.Add(new MapJsonClaimAction(AuthorizeAccessClaimTypes.VerifiedName));
         options.ClaimActions.Add(new MapJsonClaimAction(AuthorizeAccessClaimTypes.VerifiedDateOfBirth));
 
+        options.CorrelationCookie.SecurePolicy = CookieSecurePolicy.None;
+        options.NonceCookie.SecurePolicy = CookieSecurePolicy.None;
+
         options.Events.OnRedirectToIdentityProvider = ctx =>
         {
             if (ctx.Properties.Parameters.TryGetValue("TrnToken", out var trnTokenObj) && trnTokenObj is string trnToken)