I have a .net Core 2 app using .net Core Identity. I am using JWT tokens as opposed to cookies. I have external providers like LinkedIn but upon testing a published (to Azure) API I have found that the Identity.External cookies are not being excepted by the browser. My client is a vue.js application pushed from a node server, not a .net Core webapp.
I know that I can manage external logins in a manual way but I am curious if there is some way to still use the Identity middleware? Can the OnCreatingTicket event in the AddOAuth method be generate a JWT token to send back to the client instead of a cookie?
I discovered that the Identity.External cookie is by the Provider you add in the Startup.cs file. The provider(LinkedIn, Google etc) responds to the CallbackPath defined by yourself or the included provider code. The request then pushes the cookie into the response BUT ExternalCallback in the AccountController is called first. Inside the ExternalCallback I return all the provider information I need, that is usually found in the cookie, back to my client. I then push this same information back to my registration controller action and have it available when I create the user. No cookie needed. In fact I delete the cookie from the response (passed by the provider defined in startup) in the ExternalCallback endpoint - HttpContext.Response.Cookies.Delete("Identity.External").