Session variables lost on auth-callback when deployed to production

I've been using this solution to test the fusion auth apis for multi tenancy.

The example works well for a single application but when we try to replace the config values with injected variables into the session from the login service, when we intercept the request in oauth-callback the session variables are not available when deployed to a production server under Https.

If i run this locally using http://localhost:4200 for the angular app and http://localhost:3000 for the server, the session variables persist from login to oauth-callback.

I read some articles about adding withCredentials = true which i have done but that doesn't seem to solve the problem.

Has anyone else had this issue and if so how did you resolve it?

Or alternatively, does anyone have a github repo that implements multi tenancy using Fusion Auth?

https://github.com/FusionAuth/fusionauth-angular-example

Creating a multi tenanted application using .dot net core 3.1.

Created custom JWT middleware as we have multiple applications. depending on the tenant, however when trying to authorize the bearer token we get the following error:-

Signature validation failed. Unable to match key: kid:

var tokenHandler = new JwtSecurityTokenHandler();
var key = new SymmetricSecurityKey(Encoding.ASCII.GetBytes("My secret from application config"));

 tokenHandler.ValidateToken(token, new TokenValidationParameters
{
   ValidateIssuerSigningKey = true,
   IssuerSigningKey = key,
   ValidateIssuer = false,
   ValidateAudience = false,
   ClockSkew = TimeSpan.Zero
}, out SecurityToken validatedToken);

This is a test using a hard coded secret from the application.

What are we doing wrong?