After beating my head against the wall for 2 days, I found the solution!
In this setup
builder.Services.AddAuth0WebAppAuthentication(options => { })
create new OpenIdConnectEvents
options.OpenIdConnectEvents = new OpenIdConnectEvents { OnTokenValidated = async context => { ... var token = context.TokenEndpointResponse.AccessToken; currentIdentity.AddClaim(new Claim("access_token", token)); ... } }
Be sure to tack on the .WithToken() and add the audience.
Hope this helps someone else.