ActiveLogin
diff --git a/‎src/ActiveLogin.Authentication.BankId.AspNetCore/Areas/ActiveLogin/Controllers/BankIdUiApiControllerBase.cs‎
Lines changed: 19 additions & 2 deletions b/‎src/ActiveLogin.Authentication.BankId.AspNetCore/Areas/ActiveLogin/Controllers/BankIdUiApiControllerBase.cs‎
Lines changed: 19 additions & 2 deletions
diff --git a/‎src/ActiveLogin.Authentication.BankId.AspNetCore/Areas/ActiveLogin/Controllers/BankIdUiAuthApiController.cs‎
Lines changed: 4 additions & 2 deletions b/‎src/ActiveLogin.Authentication.BankId.AspNetCore/Areas/ActiveLogin/Controllers/BankIdUiAuthApiController.cs‎
Lines changed: 4 additions & 2 deletions
diff --git a/‎src/ActiveLogin.Authentication.BankId.AspNetCore/Areas/ActiveLogin/Controllers/BankIdUiAuthController.cs‎
Lines changed: 6 additions & 4 deletions b/‎src/ActiveLogin.Authentication.BankId.AspNetCore/Areas/ActiveLogin/Controllers/BankIdUiAuthController.cs‎
Lines changed: 6 additions & 4 deletions
diff --git a/‎src/ActiveLogin.Authentication.BankId.AspNetCore/Areas/ActiveLogin/Controllers/BankIdUiControllerBase.cs‎
Lines changed: 11 additions & 7 deletions b/‎src/ActiveLogin.Authentication.BankId.AspNetCore/Areas/ActiveLogin/Controllers/BankIdUiControllerBase.cs‎
Lines changed: 11 additions & 7 deletions
diff --git a/‎src/ActiveLogin.Authentication.BankId.AspNetCore/Areas/ActiveLogin/Controllers/BankIdUiPaymentApiController.cs‎
Lines changed: 4 additions & 2 deletions b/‎src/ActiveLogin.Authentication.BankId.AspNetCore/Areas/ActiveLogin/Controllers/BankIdUiPaymentApiController.cs‎
Lines changed: 4 additions & 2 deletions
diff --git a/‎src/ActiveLogin.Authentication.BankId.AspNetCore/Areas/ActiveLogin/Controllers/BankIdUiPaymentController.cs‎
Lines changed: 4 additions & 2 deletions b/‎src/ActiveLogin.Authentication.BankId.AspNetCore/Areas/ActiveLogin/Controllers/BankIdUiPaymentController.cs‎
Lines changed: 4 additions & 2 deletions
diff --git a/‎src/ActiveLogin.Authentication.BankId.AspNetCore/Areas/ActiveLogin/Controllers/BankIdUiSignApiController.cs‎
Lines changed: 4 additions & 2 deletions b/‎src/ActiveLogin.Authentication.BankId.AspNetCore/Areas/ActiveLogin/Controllers/BankIdUiSignApiController.cs‎
Lines changed: 4 additions & 2 deletions
diff --git a/‎src/ActiveLogin.Authentication.BankId.AspNetCore/Areas/ActiveLogin/Controllers/BankIdUiSignController.cs‎
Lines changed: 4 additions & 2 deletions b/‎src/ActiveLogin.Authentication.BankId.AspNetCore/Areas/ActiveLogin/Controllers/BankIdUiSignController.cs‎
Lines changed: 4 additions & 2 deletions
diff --git a/‎src/ActiveLogin.Authentication.BankId.AspNetCore/Areas/ActiveLogin/Models/BankIdUiScriptInitState.cs‎
Lines changed: 2 additions & 2 deletions b/‎src/ActiveLogin.Authentication.BankId.AspNetCore/Areas/ActiveLogin/Models/BankIdUiScriptInitState.cs‎
Lines changed: 2 additions & 2 deletions
@@ -5,6 +5,7 @@
 using ActiveLogin.Authentication.BankId.Api.Models;
 using ActiveLogin.Authentication.BankId.Api.UserMessage;
 using ActiveLogin.Authentication.BankId.AspNetCore.Areas.ActiveLogin.Models;
+using ActiveLogin.Authentication.BankId.AspNetCore.Cookies;
 using ActiveLogin.Authentication.BankId.AspNetCore.DataProtection;
 using ActiveLogin.Authentication.BankId.AspNetCore.Helpers;
 using ActiveLogin.Authentication.BankId.AspNetCore.Models;
@@ -25,6 +26,7 @@ public abstract class BankIdUiApiControllerBase : ControllerBase
     protected readonly IBankIdUiOrderRefProtector OrderRefProtector;
     protected readonly IBankIdQrStartStateProtector QrStartStateProtector;
     protected readonly IBankIdUiOptionsProtector UiOptionsProtector;
+    protected readonly IBankIdUiOptionsCookieManager UiOptionsCookieManager;
 
     private readonly IBankIdUserMessage _bankIdUserMessage;
     private readonly IBankIdUserMessageLocalizer _bankIdUserMessageLocalizer;
@@ -35,6 +37,7 @@ protected BankIdUiApiControllerBase(
         IBankIdUiOrderRefProtector orderRefProtector,
         IBankIdQrStartStateProtector qrStartStateProtector,
         IBankIdUiOptionsProtector uiOptionsProtector,
+        IBankIdUiOptionsCookieManager uiOptionsCookieManager,
 
         IBankIdUserMessage bankIdUserMessage,
         IBankIdUserMessageLocalizer bankIdUserMessageLocalizer,
@@ -46,6 +49,7 @@ IBankIdUiResultProtector uiAuthResultProtector
         OrderRefProtector = orderRefProtector;
         QrStartStateProtector = qrStartStateProtector;
         UiOptionsProtector = uiOptionsProtector;
+        UiOptionsCookieManager = uiOptionsCookieManager;
 
         _bankIdUserMessage = bankIdUserMessage;
         _bankIdUserMessageLocalizer = bankIdUserMessageLocalizer;
@@ -66,7 +70,7 @@ public async Task<ActionResult> Status(BankIdUiApiStatusRequest request)
         }
 
         var orderRef = OrderRefProtector.Unprotect(request.OrderRef);
-        var uiOptions = UiOptionsProtector.Unprotect(request.UiOptions);
+        var uiOptions = ResolveProtectedUiOptions(request.UiOptions);
 
         BankIdFlowCollectResult result;
         try
@@ -88,6 +92,8 @@ public async Task<ActionResult> Status(BankIdUiApiStatusRequest request)
             case BankIdFlowCollectResultComplete complete:
             {
                 var uiResult = ConstructProtectedUiResult(orderRef.OrderRef, complete.CompletionData);
+                UiOptionsCookieManager.Delete(request.UiOptions);
+
                 return OkJsonResult(BankIdUiApiStatusResponse.Finished(request.ReturnUrl, uiResult));
             }
             case BankIdFlowCollectResultRetry retry:
@@ -96,6 +102,8 @@ public async Task<ActionResult> Status(BankIdUiApiStatusRequest request)
             }
             case BankIdFlowCollectResultFailure failure:
             {
+                UiOptionsCookieManager.Delete(request.UiOptions);
+
                 return BadRequestJsonResult(new BankIdUiApiErrorResponse(failure.StatusMessage));
             }
             default:
@@ -125,7 +133,7 @@ public async Task<ActionResult> Cancel(BankIdUiApiCancelRequest request)
         Validators.ThrowIfNullOrWhitespace(request.UiOptions, nameof(request.UiOptions));
 
         var orderRef = OrderRefProtector.Unprotect(request.OrderRef);
-        var uiOptions = UiOptionsProtector.Unprotect(request.UiOptions);
+        var uiOptions = ResolveProtectedUiOptions(request.UiOptions);
 
         await BankIdFlowService.Cancel(orderRef.OrderRef, uiOptions.ToBankIdFlowOptions());
 
@@ -179,4 +187,13 @@ protected static ActionResult BadRequestJsonResult(object model)
             Content = JsonSerializer.Serialize(model, JsonSerializerOptions)
         };
     }
+
+    /// <summary>
+    /// Resolves the UiOptions from either a GUID (stored in cookie) or the direct protected value.
+    /// </summary>
+    protected BankIdUiOptions ResolveProtectedUiOptions(string protectedUiOptionsOrGuid)
+    {
+        return UiOptionsCookieManager.Retrieve(protectedUiOptionsOrGuid)
+            ?? throw new InvalidOperationException(BankIdConstants.ErrorMessages.InvalidUiOptions);
+    }
 }
@@ -1,6 +1,7 @@
 using ActiveLogin.Authentication.BankId.Api;
 using ActiveLogin.Authentication.BankId.Api.UserMessage;
 using ActiveLogin.Authentication.BankId.AspNetCore.Areas.ActiveLogin.Models;
+using ActiveLogin.Authentication.BankId.AspNetCore.Cookies;
 using ActiveLogin.Authentication.BankId.AspNetCore.DataProtection;
 using ActiveLogin.Authentication.BankId.AspNetCore.Helpers;
 using ActiveLogin.Authentication.BankId.AspNetCore.Models;
@@ -24,10 +25,11 @@ public BankIdUiAuthApiController(
         IBankIdUiOrderRefProtector orderRefProtector,
         IBankIdQrStartStateProtector qrStartStateProtector,
         IBankIdUiOptionsProtector uiOptionsProtector,
+        IBankIdUiOptionsCookieManager uiOptionsCookieManager,
         IBankIdUserMessage bankIdUserMessage,
         IBankIdUserMessageLocalizer bankIdUserMessageLocalizer,
         IBankIdUiResultProtector uiAuthResultProtector)
-        : base(bankIdFlowService, orderRefProtector, qrStartStateProtector, uiOptionsProtector, bankIdUserMessage, bankIdUserMessageLocalizer, uiAuthResultProtector)
+        : base(bankIdFlowService, orderRefProtector, qrStartStateProtector, uiOptionsProtector, uiOptionsCookieManager, bankIdUserMessage, bankIdUserMessageLocalizer, uiAuthResultProtector)
     {
     }
 
@@ -38,7 +40,7 @@ public async Task<ActionResult<BankIdUiApiInitializeResponse>> Initialize(BankId
         Validators.ThrowIfNullOrWhitespace(request.ReturnUrl, nameof(request.ReturnUrl));
         Validators.ThrowIfNullOrWhitespace(request.UiOptions, nameof(request.UiOptions));
 
-        var uiOptions = UiOptionsProtector.Unprotect(request.UiOptions);
+        var uiOptions = ResolveProtectedUiOptions(request.UiOptions);
 
         BankIdFlowInitializeResult bankIdFlowInitializeResult;
         try
 
@@ -1,3 +1,4 @@
+using ActiveLogin.Authentication.BankId.AspNetCore.Cookies;
 using ActiveLogin.Authentication.BankId.AspNetCore.DataProtection;
 using ActiveLogin.Authentication.BankId.AspNetCore.StateHandling;
 using ActiveLogin.Authentication.BankId.Core.UserMessage;
@@ -20,17 +21,18 @@ public BankIdUiAuthController(
         IBankIdUserMessageLocalizer bankIdUserMessageLocalizer,
         IBankIdUiOptionsProtector uiOptionsProtector,
         IBankIdInvalidStateHandler bankIdInvalidStateHandler,
-        IBankIdUiStateProtector bankIdUiStateProtector
+        IBankIdUiStateProtector bankIdUiStateProtector,
+        IBankIdUiOptionsCookieManager uiOptionsCookieManager
     )
-        : base(antiforgery, localizer, bankIdUserMessageLocalizer, uiOptionsProtector, bankIdInvalidStateHandler, bankIdUiStateProtector)
+        : base(antiforgery, localizer, bankIdUserMessageLocalizer, uiOptionsProtector, bankIdInvalidStateHandler, bankIdUiStateProtector, uiOptionsCookieManager)
     {
 
     }
 
     [HttpGet]
     [Route($"/[area]/{BankIdConstants.Routes.BankIdPathName}/{BankIdConstants.Routes.BankIdAuthControllerPath}")]
-    public Task<ActionResult> Init(string returnUrl, [FromQuery(Name = BankIdConstants.QueryStringParameters.UiOptions)] string protectedUiOptions)
+    public Task<ActionResult> Init(string returnUrl, [FromQuery(Name = BankIdConstants.QueryStringParameters.UiOptions)] string uiOptionsGuid)
     {
-        return Initialize(returnUrl, BankIdConstants.Routes.BankIdAuthApiControllerName, protectedUiOptions, "Init");
+        return Initialize(returnUrl, BankIdConstants.Routes.BankIdAuthApiControllerName, uiOptionsGuid, "Init");
     }
 }
@@ -1,5 +1,6 @@
 using ActiveLogin.Authentication.BankId.Api.UserMessage;
 using ActiveLogin.Authentication.BankId.AspNetCore.Areas.ActiveLogin.Models;
+using ActiveLogin.Authentication.BankId.AspNetCore.Cookies;
 using ActiveLogin.Authentication.BankId.AspNetCore.DataProtection;
 using ActiveLogin.Authentication.BankId.AspNetCore.Helpers;
 using ActiveLogin.Authentication.BankId.AspNetCore.Models;
@@ -23,34 +24,37 @@ public abstract class BankIdUiControllerBase : Controller
     private readonly IBankIdUiOptionsProtector _uiOptionsProtector;
     private readonly IBankIdInvalidStateHandler _bankIdInvalidStateHandler;
     private readonly IBankIdUiStateProtector _bankIdUiStateProtector;
+    private readonly IBankIdUiOptionsCookieManager _uiOptionsCookieManager;
 
     protected BankIdUiControllerBase(
         IAntiforgery antiforgery,
         IStringLocalizer<ActiveLoginResources> localizer,
         IBankIdUserMessageLocalizer bankIdUserMessageLocalizer,
         IBankIdUiOptionsProtector uiOptionsProtector,
         IBankIdInvalidStateHandler bankIdInvalidStateHandler,
-        IBankIdUiStateProtector bankIdUiStateProtector)
+        IBankIdUiStateProtector bankIdUiStateProtector,
+        IBankIdUiOptionsCookieManager uiOptionsCookieManager)
     {
         _antiforgery = antiforgery;
         _localizer = localizer;
         _bankIdUserMessageLocalizer = bankIdUserMessageLocalizer;
         _uiOptionsProtector = uiOptionsProtector;
         _bankIdInvalidStateHandler = bankIdInvalidStateHandler;
         _bankIdUiStateProtector = bankIdUiStateProtector;
+        _uiOptionsCookieManager = uiOptionsCookieManager;
     }
 
-    protected async Task<ActionResult> Initialize(string returnUrl, string apiControllerName, string protectedUiOptions, string viewName)
+    protected async Task<ActionResult> Initialize(string returnUrl, string apiControllerName, string uiOptionsGuid, string viewName)
     {
         Validators.ThrowIfNullOrWhitespace(returnUrl);
-        Validators.ThrowIfNullOrWhitespace(protectedUiOptions, BankIdConstants.QueryStringParameters.UiOptions);
+        Validators.ThrowIfNullOrWhitespace(uiOptionsGuid, BankIdConstants.QueryStringParameters.UiOptions);
 
         if (!Url.IsLocalUrl(returnUrl))
         {
             throw new ArgumentException(BankIdConstants.ErrorMessages.InvalidReturnUrl);
         }
 
-        var uiOptions = _uiOptionsProtector.Unprotect(protectedUiOptions);
+        var uiOptions = _uiOptionsCookieManager.Retrieve(uiOptionsGuid) ?? throw new InvalidOperationException(BankIdConstants.ErrorMessages.InvalidUiOptions);
         if (!HasStateCookie(uiOptions))
         {
             var invalidStateContext = new BankIdInvalidStateContext(uiOptions.CancelReturnUrl);
@@ -71,7 +75,7 @@ protected async Task<ActionResult> Initialize(string returnUrl, string apiContro
         }
         var state = _bankIdUiStateProtector.Unprotect(protectedState);
 
-        var viewModel = GetUiViewModel(returnUrl, apiControllerName, protectedUiOptions, uiOptions, state, antiforgeryTokens);
+        var viewModel = GetUiViewModel(returnUrl, apiControllerName, uiOptionsGuid, uiOptions, state, antiforgeryTokens);
 
         return View(viewName, viewModel);
     }
@@ -87,7 +91,7 @@ private bool HasStateCookie(BankIdUiOptions uiOptions)
         return !string.IsNullOrEmpty(HttpContext.Request.Cookies[uiOptions.StateCookieName]);
     }
 
-    private BankIdUiViewModel GetUiViewModel(string returnUrl, string apiControllerName, string protectedUiOptions, BankIdUiOptions unprotectedUiOptions, BankIdUiState uiState, AntiforgeryTokenSet antiforgeryTokens)
+    private BankIdUiViewModel GetUiViewModel(string returnUrl, string apiControllerName, string uiOptionsGuid, BankIdUiOptions unprotectedUiOptions, BankIdUiState uiState, AntiforgeryTokenSet antiforgeryTokens)
     {
         Validators.ThrowIfNullOrWhitespace(antiforgeryTokens.RequestToken, nameof(antiforgeryTokens.RequestToken));
 
@@ -116,7 +120,7 @@ private BankIdUiViewModel GetUiViewModel(string returnUrl, string apiControllerN
             ReturnUrl = returnUrl,
             CancelReturnUrl = Url.Content(unprotectedUiOptions.CancelReturnUrl),
 
-            ProtectedUiOptions = protectedUiOptions
+            UiOptionsGuid = uiOptionsGuid
         };
 
         var localizedStartAppButtonText = _localizer["StartApp_Button"];
 
@@ -1,6 +1,7 @@
 using ActiveLogin.Authentication.BankId.Api;
 using ActiveLogin.Authentication.BankId.Api.UserMessage;
 using ActiveLogin.Authentication.BankId.AspNetCore.Areas.ActiveLogin.Models;
+using ActiveLogin.Authentication.BankId.AspNetCore.Cookies;
 using ActiveLogin.Authentication.BankId.AspNetCore.DataProtection;
 using ActiveLogin.Authentication.BankId.AspNetCore.Helpers;
 using ActiveLogin.Authentication.BankId.AspNetCore.Models;
@@ -28,11 +29,12 @@ public BankIdUiPaymentApiController(
         IBankIdUiOrderRefProtector orderRefProtector,
         IBankIdQrStartStateProtector qrStartStateProtector,
         IBankIdUiOptionsProtector uiOptionsProtector,
+        IBankIdUiOptionsCookieManager uiOptionsCookieManager,
         IBankIdUserMessage bankIdUserMessage,
         IBankIdUserMessageLocalizer bankIdUserMessageLocalizer,
         IBankIdUiResultProtector uiAuthResultProtector,
         IBankIdUiStateProtector bankIdUiStateProtector)
-        : base(bankIdFlowService, orderRefProtector, qrStartStateProtector, uiOptionsProtector, bankIdUserMessage, bankIdUserMessageLocalizer, uiAuthResultProtector)
+        : base(bankIdFlowService, orderRefProtector, qrStartStateProtector, uiOptionsProtector, uiOptionsCookieManager, bankIdUserMessage, bankIdUserMessageLocalizer, uiAuthResultProtector)
     {
         _bankIdUiStateProtector = bankIdUiStateProtector;
     }
@@ -44,7 +46,7 @@ public async Task<ActionResult<BankIdUiApiInitializeResponse>> Initialize(BankId
         Validators.ThrowIfNullOrWhitespace(request.ReturnUrl, nameof(request.ReturnUrl));
         Validators.ThrowIfNullOrWhitespace(request.UiOptions, nameof(request.UiOptions));
 
-        var uiOptions = UiOptionsProtector.Unprotect(request.UiOptions);
+        var uiOptions = ResolveProtectedUiOptions(request.UiOptions);
 
         var state = GetStateFromCookie(uiOptions);
         if(state == null)
 
@@ -1,3 +1,4 @@
+using ActiveLogin.Authentication.BankId.AspNetCore.Cookies;
 using ActiveLogin.Authentication.BankId.AspNetCore.DataProtection;
 using ActiveLogin.Authentication.BankId.AspNetCore.StateHandling;
 using ActiveLogin.Authentication.BankId.Core.UserMessage;
@@ -20,9 +21,10 @@ public BankIdUiPaymentController(
         IBankIdUserMessageLocalizer bankIdUserMessageLocalizer,
         IBankIdUiOptionsProtector uiOptionsProtector,
         IBankIdInvalidStateHandler bankIdInvalidStateHandler,
-        IBankIdUiStateProtector bankIdUiStateProtector
+        IBankIdUiStateProtector bankIdUiStateProtector,
+        IBankIdUiOptionsCookieManager uiOptionsCookieManager
     )
-        : base(antiforgery, localizer, bankIdUserMessageLocalizer, uiOptionsProtector, bankIdInvalidStateHandler, bankIdUiStateProtector)
+        : base(antiforgery, localizer, bankIdUserMessageLocalizer, uiOptionsProtector, bankIdInvalidStateHandler, bankIdUiStateProtector, uiOptionsCookieManager)
     {
 
     }
 
@@ -1,6 +1,7 @@
 using ActiveLogin.Authentication.BankId.Api;
 using ActiveLogin.Authentication.BankId.Api.UserMessage;
 using ActiveLogin.Authentication.BankId.AspNetCore.Areas.ActiveLogin.Models;
+using ActiveLogin.Authentication.BankId.AspNetCore.Cookies;
 using ActiveLogin.Authentication.BankId.AspNetCore.DataProtection;
 using ActiveLogin.Authentication.BankId.AspNetCore.Helpers;
 using ActiveLogin.Authentication.BankId.AspNetCore.Models;
@@ -28,11 +29,12 @@ public BankIdUiSignApiController(
         IBankIdUiOrderRefProtector orderRefProtector,
         IBankIdQrStartStateProtector qrStartStateProtector,
         IBankIdUiOptionsProtector uiOptionsProtector,
+        IBankIdUiOptionsCookieManager uiOptionsCookieManager,
         IBankIdUserMessage bankIdUserMessage,
         IBankIdUserMessageLocalizer bankIdUserMessageLocalizer,
         IBankIdUiResultProtector uiAuthResultProtector,
         IBankIdUiStateProtector bankIdUiStateProtector)
-        : base(bankIdFlowService, orderRefProtector, qrStartStateProtector, uiOptionsProtector, bankIdUserMessage, bankIdUserMessageLocalizer, uiAuthResultProtector)
+        : base(bankIdFlowService, orderRefProtector, qrStartStateProtector, uiOptionsProtector, uiOptionsCookieManager, bankIdUserMessage, bankIdUserMessageLocalizer, uiAuthResultProtector)
     {
         _bankIdUiStateProtector = bankIdUiStateProtector;
     }
@@ -44,7 +46,7 @@ public async Task<ActionResult<BankIdUiApiInitializeResponse>> Initialize(BankId
         Validators.ThrowIfNullOrWhitespace(request.ReturnUrl, nameof(request.ReturnUrl));
         Validators.ThrowIfNullOrWhitespace(request.UiOptions, nameof(request.UiOptions));
 
-        var uiOptions = UiOptionsProtector.Unprotect(request.UiOptions);
+        var uiOptions = ResolveProtectedUiOptions(request.UiOptions);
 
         var state = GetStateFromCookie(uiOptions);
         if(state == null)
 
@@ -1,3 +1,4 @@
+using ActiveLogin.Authentication.BankId.AspNetCore.Cookies;
 using ActiveLogin.Authentication.BankId.AspNetCore.DataProtection;
 using ActiveLogin.Authentication.BankId.AspNetCore.StateHandling;
 using ActiveLogin.Authentication.BankId.Core.UserMessage;
@@ -20,9 +21,10 @@ public BankIdUiSignController(
         IBankIdUserMessageLocalizer bankIdUserMessageLocalizer,
         IBankIdUiOptionsProtector uiOptionsProtector,
         IBankIdInvalidStateHandler bankIdInvalidStateHandler,
-        IBankIdUiStateProtector bankIdUiStateProtector
+        IBankIdUiStateProtector bankIdUiStateProtector,
+        IBankIdUiOptionsCookieManager uiOptionsCookieManager
     )
-        : base(antiforgery, localizer, bankIdUserMessageLocalizer, uiOptionsProtector, bankIdInvalidStateHandler, bankIdUiStateProtector)
+        : base(antiforgery, localizer, bankIdUserMessageLocalizer, uiOptionsProtector, bankIdInvalidStateHandler, bankIdUiStateProtector, uiOptionsCookieManager)
     {
 
     }
 
@@ -17,6 +17,6 @@ internal BankIdUiScriptInitState()
     [JsonPropertyName("cancelReturnUrl")]
     public string CancelReturnUrl { get; init; } = string.Empty;
 
-    [JsonPropertyName("protectedUiOptions")]
-    public string ProtectedUiOptions { get; init; } = string.Empty;
+    [JsonPropertyName("uiOptionsGuid")]
+    public string UiOptionsGuid { get; init; } = string.Empty;
 }
Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,4 @@`
	`1`	`+using ActiveLogin.Authentication.BankId.AspNetCore.Cookies;`
`1`	`2`	`using ActiveLogin.Authentication.BankId.AspNetCore.DataProtection;`
`2`	`3`	`using ActiveLogin.Authentication.BankId.AspNetCore.StateHandling;`
`3`	`4`	`using ActiveLogin.Authentication.BankId.Core.UserMessage;`
`@@ -20,17 +21,18 @@ public BankIdUiAuthController(`
`20`	`21`	`IBankIdUserMessageLocalizer bankIdUserMessageLocalizer,`
`21`	`22`	`IBankIdUiOptionsProtector uiOptionsProtector,`
`22`	`23`	`IBankIdInvalidStateHandler bankIdInvalidStateHandler,`
`23`		`- IBankIdUiStateProtector bankIdUiStateProtector`
	`24`	`+ IBankIdUiStateProtector bankIdUiStateProtector,`
	`25`	`+ IBankIdUiOptionsCookieManager uiOptionsCookieManager`
`24`	`26`	`)`
`25`		`- : base(antiforgery, localizer, bankIdUserMessageLocalizer, uiOptionsProtector, bankIdInvalidStateHandler, bankIdUiStateProtector)`
	`27`	`+ : base(antiforgery, localizer, bankIdUserMessageLocalizer, uiOptionsProtector, bankIdInvalidStateHandler, bankIdUiStateProtector, uiOptionsCookieManager)`
`26`	`28`	`{`
`27`	`29`
`28`	`30`	`}`
`29`	`31`
`30`	`32`	`[HttpGet]`
`31`	`33`	`[Route($"/[area]/{BankIdConstants.Routes.BankIdPathName}/{BankIdConstants.Routes.BankIdAuthControllerPath}")]`
`32`		`- public Task<ActionResult> Init(string returnUrl, [FromQuery(Name = BankIdConstants.QueryStringParameters.UiOptions)] string protectedUiOptions)`
	`34`	`+ public Task<ActionResult> Init(string returnUrl, [FromQuery(Name = BankIdConstants.QueryStringParameters.UiOptions)] string uiOptionsGuid)`
`33`	`35`	`{`
`34`		`- return Initialize(returnUrl, BankIdConstants.Routes.BankIdAuthApiControllerName, protectedUiOptions, "Init");`
	`36`	`+ return Initialize(returnUrl, BankIdConstants.Routes.BankIdAuthApiControllerName, uiOptionsGuid, "Init");`
`35`	`37`	`}`
`36`	`38`	`}`
Original file line number	Diff line number	Diff line change
`@@ -17,6 +17,6 @@ internal BankIdUiScriptInitState()`
`17`	`17`	`[JsonPropertyName("cancelReturnUrl")]`
`18`	`18`	`public string CancelReturnUrl { get; init; } = string.Empty;`
`19`	`19`
`20`		`- [JsonPropertyName("protectedUiOptions")]`
`21`		`- public string ProtectedUiOptions { get; init; } = string.Empty;`
	`20`	`+ [JsonPropertyName("uiOptionsGuid")]`
	`21`	`+ public string UiOptionsGuid { get; init; } = string.Empty;`
`22`	`22`	`}`