So would a better idea be to find a way to get ASP.Net core to authenticate based on the Access Token rather than the ID Token? I believe they have an OpenID auth option, I just need to work out how to use it with an API(rather than their MVC stuff most of their documentation covers).