I'm trying to implement a google calendar integration using oauth, but I've come across a strange issue.

• The backend user is logged in
• They click on a button that takes them to the Google consent screen
• They sign in to Google and give permission to create calendar events
• They get redirected back to a route that handles the authorization code
• However, once they get there, the backend user has been mysteriously logged out - so I can't store the access token against them in the db

Does anyone know what could be causing the backend user to get signed out?

Did you include the web Middleware in your route?

Route::any($locale, 'Cms\Classes\CmsController@run')->middleware('web');

ref. https://octobercms.com/docs/services/router#route-middleware

I figured out what problem I was having....

It's all to do with having 'same_site' => 'strict' set in my config/session.php

Now all I have to figure out is how to bypass that for a particular route - or learn about that config setting and figuring out what exactly it does.

You could try to use your own custom middleware in your route (instead of the default "web" middleware) and set the 'same_site' session config in there before calling the web middleware.

You can add middleware in order like this:

Route::get('/', function () {
    ...
})->middleware('yours', 'web');

So if yours is first, it can change the same_site session config before the web middleware runs...

<?php

use Closure;
use Config;

class CustomMiddleware
{
    public function handle($request, Closure $next)
    {   
        Config::set('session.same_site', 'null');

        return $next($request);
    }
}