...

Starting with v80, Google Chrome and Chromium introduced a breaking change in how SameSite cookies are handled. The OpenID Connect protocol needs SameSite=None, and therefore so do IdentityServer4 and Authority. This breaking change in behavior has been announced for quite some time and is considered important since it improves security and privacy.
Other browsers are expected to follow and make this mandatory. Safari on iOS may already have been changed, but we haven't had time to verify this yet.

Official solution -

...

configure HTTPS

We’ve verified that Authority v2.0.4 is compliant with the SameSite changes outlined above.
However, since SameSite=None also requires a secure protocol, Authority has to be configured with HTTPS when communicating with the browser in order to be compliant.
If you are using Ayfie Supervisor, configuring it to use HTTPS requires additional steps, as outlined in ayfie SSL and HTTPS Configuration.
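
One way to check a deployment against the rule above is to classify the Set-Cookie headers the login pages return. The following is an added example, not code from Authority or ayfie; the cookie names, values and sample headers are constructed, and the handling of cookies without a SameSite attribute reflects Chrome's behavior from v80 on.

```python
# Added example: classify Set-Cookie headers under the Chrome 80+ SameSite rules.
# Cookie names and values below are constructed sample data.

def parse_set_cookie(header):
    """Split a Set-Cookie value into (name, attributes); attribute names are lowercased."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()
    return name, attrs


def classify(header):
    """Return (cookie name, verdict) for one Set-Cookie header value."""
    name, attrs = parse_set_cookie(header)
    samesite = attrs.get("samesite", "").lower()
    secure = "secure" in attrs
    if samesite == "none" and not secure:
        # The case the page warns about: served without HTTPS/Secure, the cookie is dropped.
        return name, "rejected: SameSite=None without Secure"
    if samesite == "none":
        return name, "ok: sent cross-site, HTTPS only"
    if samesite in ("lax", "strict"):
        return name, "restricted: SameSite=" + samesite.capitalize()
    # Chrome 80+ applies Lax when the attribute is absent or not a known value.
    return name, "restricted: SameSite missing or unrecognized, treated as Lax"


# Constructed sample headers, shaped like those an identity provider might send.
SAMPLE_HEADERS = [
    "idsrv.session=abc123; Path=/; SameSite=None",
    "idsrv.session=abc123; Path=/; Secure; SameSite=None",
    "idsrv=xyz; Path=/; HttpOnly; Secure; SameSite=Lax",
    "legacy=1; Path=/",
]

if __name__ == "__main__":
    for h in SAMPLE_HEADERS:
        print("%-14s %s" % classify(h))
```

Any cookie reported as rejected means the browser-facing endpoint is still issuing SameSite=None without the Secure attribute, which is what happens when Authority is reached over plain HTTP.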

...