Added option for oidc to disable https only cookies for deployments using an ip

Moonlight.Api/Configuration/OidcOptions.cs

@@ -4,6 +4,7 @@ public class OidcOptions
 {
     public string Authority { get; set; }
     public bool RequireHttpsMetadata { get; set; } = true;
+    public bool DisableHttpsOnlyCookies { get; set; }
     public string ResponseType { get; set; } = "code";
     public string[]? Scopes { get; set; }
     public string ClientId { get; set; }

Moonlight.Api/Startup/Startup.Auth.cs

@@ -74,6 +74,12 @@ public partial class Startup
                 options.Authority = oidcOptions.Authority;
                 options.RequireHttpsMetadata = oidcOptions.RequireHttpsMetadata;
 
+                if (oidcOptions.DisableHttpsOnlyCookies)
+                {
+                    options.NonceCookie.SecurePolicy = CookieSecurePolicy.SameAsRequest;
+                    options.CorrelationCookie.SecurePolicy = CookieSecurePolicy.SameAsRequest;
+                }
+
                 var scopes = oidcOptions.Scopes ?? ["openid", "email", "profile"];
 
                 options.Scope.Clear();