The ASP.NET Core OIDC provider automatically discovers the endpoints for any OIDC provider. Auth0, however, does not specify a logout endpoint, as out logout endpoint requires some extra parameters (such as the ClientID) to be passed along.
BTW 1: this was the same in ASP.NET Core 1.1, so not sure why you are picking up on this only now?
BTW 2: To challenge the OIDC middleware you can now use:
await HttpContext.ChallengeAsync(OpenIdConnectDefaults.AuthenticationScheme, new AuthenticationProperties() { RedirectUri = returnUrl });
And in your case, since you specified the DefaultChallengeScheme as OpenIdConnectDefaults.AuthenticationScheme, you should actually just be able to call ChallengeAsync without specifying the scheme
BTW1: Then I’ll never “properly” signed out of Auth0 I guess… With those lines in place the sessions seem to be lost since I now dont get “Last time you signed in with …”.
BTW2: Yes that I possible, but only if I change this to OpenIdConnectDefaults.AuthenticationSchemealternatively leave blank which probable just calls the overload with the aforementioned const.