Not sure if this helps, as we don't currently use different tenants at this point in time, but we do for sure enforce sending the tenant id to each call:
When you set up the OpenIdConnectOptions:
private const string TenantIdParameterName = "tenantId";
...
// Runs before the browser is redirected to the identity provider to sign in.
options.Events.OnRedirectToIdentityProvider = context =>
{
    /* FusionAuth has the option for multiple tenants - when multiple tenants are enabled,
       we have to ensure we hit the right one for user auth. */
    context.ProtocolMessage.SetParameter(TenantIdParameterName, authSettings.TenantId.ToString());
    return Task.CompletedTask;
};
// Runs before the browser is redirected to the identity provider to sign out.
options.Events.OnRedirectToIdentityProviderForSignOut = context =>
{
    context.ProtocolMessage.ClientId = authSettings.ClientId.ToString();
    context.ProtocolMessage.SetParameter(TenantIdParameterName, authSettings.TenantId.ToString());
    return Task.CompletedTask;
};
Not sure if that helps you - you will have to look at the current HttpContext to decide what you want to do.
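An added example, not part of the post above and not the poster's or FusionAuth's own code: one way to pick the tenant per request from the HttpContext, using a fixed server-side map from request host to tenant id so the value sent to the identity provider is never taken directly from client input. The class name, the `TryResolveTenant` helper, the host names and the GUIDs are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Http;

public static class TenantRedirectExample // hypothetical class name
{
    private const string TenantIdParameterName = "tenantId";

    // Constructed sample data: placeholder hosts and tenant ids, configured server-side.
    private static readonly IReadOnlyDictionary<string, Guid> TenantsByHost =
        new Dictionary<string, Guid>(StringComparer.OrdinalIgnoreCase)
        {
            ["tenant-a.example.test"] = Guid.Parse("11111111-1111-1111-1111-111111111111"),
            ["tenant-b.example.test"] = Guid.Parse("22222222-2222-2222-2222-222222222222"),
        };

    // Hypothetical helper: the Host header is client-supplied, so it is only
    // used as a lookup key into the allow-list, never forwarded as-is.
    public static bool TryResolveTenant(HttpContext http, out Guid tenantId) =>
        TenantsByHost.TryGetValue(http.Request.Host.Host, out tenantId);

    public static void Configure(OpenIdConnectOptions options)
    {
        options.Events.OnRedirectToIdentityProvider = context =>
            ApplyTenant(context, context.HttpContext);
        options.Events.OnRedirectToIdentityProviderForSignOut = context =>
            ApplyTenant(context, context.HttpContext);
    }

    private static Task ApplyTenant(RedirectContext context, HttpContext http)
    {
        if (!TryResolveTenant(http, out var tenantId))
        {
            // Fail closed: unknown host, so no redirect is issued and no
            // default tenant is silently chosen.
            http.Response.StatusCode = StatusCodes.Status400BadRequest;
            context.HandleResponse();
            return Task.CompletedTask;
        }
        context.ProtocolMessage.SetParameter(TenantIdParameterName, tenantId.ToString());
        return Task.CompletedTask;
    }
}
```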