<return-response>
            <set-status code="201" />
            <set-header name="Set-Cookie" exists-action="override">
                <value>@("cookie0=000000; cookie1=" + context.Variables.GetValueOrDefault<string>("token", "no value"))</value>
            </set-header>
            <set-body>@(context.Variables.GetValueOrDefault<string>("token", "no value"))</set-body>
        </return-response>

        <return-response>
            <set-status code="201" />
            <set-header name="Set-Cookie" exists-action="override">
                <value>cookie0=000000</value>
            </set-header>
            <set-header name="Set-Cookie" >
                <value>@("cookie1=" + context.Variables.GetValueOrDefault<string>("token", "no value"))</value>
            </set-header>
            <set-body>@(context.Variables.GetValueOrDefault<string>("token", "no value"))</set-body>
        </return-response>

<!--
    IMPORTANT:
    - Policy elements can appear only within the <inbound>, <outbound>, <backend> section elements.
    - To apply a policy to the incoming request (before it is forwarded to the backend service), place a corresponding policy element within the <inbound> section element.
    - To apply a policy to the outgoing response (before it is sent back to the caller), place a corresponding policy element within the <outbound> section element.
    - To add a policy, place the cursor at the desired insertion point and select a policy from the sidebar.
    - To remove a policy, delete the corresponding policy statement from the policy document.
    - Position the <base> element within a section element to inherit all policies from the corresponding section element in the enclosing scope.
    - Remove the <base> element to prevent inheriting policies from the corresponding section element in the enclosing scope.
    - Policies are applied in the order of their appearance, from the top down.
    - Comments within policy elements are not supported and may disappear. Place your comments between policy elements or at a higher level scope.
-->
<policies>
    <inbound>
        <base />
        <set-variable name="token" value="@(context.Request.Body?.AsFormUrlEncodedContent(preserveContent: true)?["id_token"]?.Single())" />
        <return-response>
            <set-status code="201" />
            <set-header name="Set-Cookie" exists-action="override">
                <value>cookie0=000000</value>
                <value>@("cookie1=" + context.Variables.GetValueOrDefault<string>("token", "no value"))</value>
                <value>@("cookie2=" +"2222222")</value>
                <value>cookie3=111111</value>
            </set-header>
            <set-body>@(context.Variables.GetValueOrDefault<string>("token", "no value"))</set-body>
        </return-response>
    </inbound>
    <backend>
        <base />
    </backend>
    <outbound>
        <base />
    </outbound>
    <on-error>
        <base />
    </on-error>
</policies>