Support for Same-site cookie attribute
With chrome version 80 cookies policies are more strict. before version 80 'SameSite=None' was the default, after 80 'SameSite=Strict' is default, causing setting cookies to fail after a redirect. (See https://blog.chromium.org/2019/10/developers-get-ready-for-new.html)
when a callback from an openid connect provider is done on /auth/rest/login/<providername> , a cookie is created by the AuthenticationTokenCookieInterceptor. This cookie is not marked with SameSite=None, so the cookie is not set as the url in the browser still shows the openidconnect website.
Caution: if you set SameSite=None then certain old browser versions (safari) will not work
*****NOTE: There is currently a bug affecting Mac OSX and iOS which causes SameSite=None cookies to be inadvertently treated as SameSite=Strict and therefore not sent with cross-site requests. (See https://bugs.webkit.org/show_bug.cgi?id=198181) Until this is fixed, SameSite=None may not work properly on Safari.*****