Updated to newest Auth0 nuget pacakge

Im trying to bring an old piece of software into current life cycle… below is the current method followed by my unsuccessful attempt at refactoring it… any help in getting this working would be greatly appreciated. I am fairly new to C# and .Net and to this project.

Additionally, are there any security considerations if we keep our Nuget packages at 3.7.0 for Auth0.AuthenticationApi, Auth0.Core, and Auth0.ManagmentApi using HS256?
It looks like if we update to use the latest 7.26.2 we would need to do a lot of refactoring and updating the Auth0 tenant to be OIDC compliant as well as using RS256.

    public static async Task<string> GetAuthUserForCallback(HttpContext Context)
    {
        AuthenticationApiClient client = new AuthenticationApiClient(
            new Uri($"https://{SecureSettings.GetSecureSettingValue(SecureSettings.AUTH0_DOMAIN_KEY)}"));

        //Exchange the authorization code for a token
        AccessToken token = await client.ExchangeCodeForAccessTokenAsync(new ExchangeCodeRequest
        {
            ClientId = SecureSettings.GetSecureSettingValue(SecureSettings.AUTH0_CLIENTID_KEY),
            ClientSecret = SecureSettings.GetSecureSettingValue(SecureSettings.AUTH0_CLIENTSECRET_KEY),
            AuthorizationCode = Context.Request.QueryString["code"],
            RedirectUri = SecureSettings.GetSecureSettingValue(SecureSettings.AUTH0_REDIRECT_URL_KEY)
        });

        // Cache token information
        //NOTE: For impersonation requests we will have an Access token but no ID token
        Context.Session[SessionKeyConstants.Auth0_IdToken] = token.IdToken;
        Context.Session[SessionKeyConstants.Auth0_AccessToken] = token.AccessToken;

        // Get user information
        var profile = await client.GetUserInfoAsync(token.AccessToken);

        //Cache some of the profile info in session
        Context.Session[SessionKeyConstants.Login_Email] = profile.Email;
        Context.Session[SessionKeyConstants.Auth0_Email] = profile.Email;
        Context.Session[SessionKeyConstants.Auth0_EmailVerified] = profile.EmailVerified;
        Context.Session[SessionKeyConstants.Auth0_UserId] = new Auth0Token(token.IdToken).GetTokenSubject();      
        Context.Session[SessionKeyConstants.Auth0_LastPasswordReset] = new Auth0Token(token.IdToken).GetLastPasswordReset();

        return (profile.UserName).ToUpper(); // Return the username in all caps
    }

non-working refactored method

public static async Task<string> GetAuthUserForCallback(HttpContext Context)
{
    AuthenticationApiClient client = new AuthenticationApiClient(
        new Uri($"https://{SecureSettings.GetSecureSettingValue(SecureSettings.AUTH0_DOMAIN_KEY)}"));


    var symmetricKey = Encoding.UTF8.GetBytes("Where does this key come from?"); // Replace with your actual secret key
    var securityKey = new Microsoft.IdentityModel.Tokens.SymmetricSecurityKey(symmetricKey);

    //Exchange the authorization code for a token
    //AccessTokenResponse token = await client.ExchangeCodeForAccessTokenAsync(new ExchangeCodeRequest
    //AuthorizationCodePkceTokenRequest newAuthorizationCodeTokenRequest = new AuthorizationCodePkceTokenRequest
    AuthorizationCodeTokenRequest newAuthorizationCodeTokenRequest = new AuthorizationCodeTokenRequest
    {
        ClientId = SecureSettings.GetSecureSettingValue(SecureSettings.AUTH0_CLIENTID_KEY),
        ClientSecret = SecureSettings.GetSecureSettingValue(SecureSettings.AUTH0_CLIENTSECRET_KEY),
        Code = Context.Request.QueryString["code"],
        RedirectUri = SecureSettings.GetSecureSettingValue(SecureSettings.AUTH0_REDIRECT_URL_KEY),
        SigningAlgorithm = JwtSignatureAlgorithm.HS256,
        ClientAssertionSecurityKeyAlgorithm = SecurityAlgorithms.HmacSha256,
        ClientAssertionSecurityKey = securityKey,
        Organization = "atsinc.auth0.com",
    };
            
    AccessTokenResponse token = await client.GetTokenAsync(newAuthorizationCodeTokenRequest);
 
    // Cache token information
    //NOTE: For impersonation requests we will have an Access token but no ID token
    Context.Session[SessionKeyConstants.Auth0_IdToken] = token.IdToken;
    Context.Session[SessionKeyConstants.Auth0_AccessToken] = token.AccessToken;

    // Get user information
    UserInfo profile = await client.GetUserInfoAsync(token.AccessToken);

    //Cache some of the profile info in session
    Context.Session[SessionKeyConstants.Login_Email] = profile.Email;
    Context.Session[SessionKeyConstants.Auth0_Email] = profile.Email;
    Context.Session[SessionKeyConstants.Auth0_EmailVerified] = profile.EmailVerified;
    Context.Session[SessionKeyConstants.Auth0_UserId] = new Auth0Token(token.IdToken).GetTokenSubject();      
    Context.Session[SessionKeyConstants.Auth0_LastPasswordReset] = new Auth0Token(token.IdToken).GetLastPasswordReset();

    //return (profile.UserName).ToUpper(); // Return the username in all caps
    return (profile.UserId).ToUpper(); // Return the username in all caps
}