We are wanting to use ASPCore as a web site and API. One of the applications it will serve is an Angular app. We do not want to serve this app unless the user is authenticated. Meaning, if they come to the site, they are presented with a page and then they can choose to login. If they login, they are presented with an AUTH0 login and the angular app is served to them. The Angular app has NO auth0 capabilities and it is not needed since the cookie/bearer token is already in place when it is served to the authenticated user. We have this “working” using examples, but it is cookie based. We really miss the bearer token concept we had when we had Auth0 in angular. Is it possible (without some crazy untested process) to have ASPCore set the bearer token instead of a cookie? All I see is AddOpenIdConnect with options for client id and secret.