Azure sign-in into two different applications (with two different users) using OpenIdConnect middleware
I have two Azure enterprise applications to which I need the user to sign in. He might sign in with different Active Directory users.
The 1st app is used to authenticate the customer into my web app. The 2nd app is used in order to receive a tenant-id of a tenant which the customer has a user in.
Until today we only used OpenIdConnect middleware for the 1st app using cookie authentication scheme. Now I wish to use the 2nd app just for sign in, so that I can capture the response in OnTokenValidated and extract the tenant_id of the tenant the customer is a part of.
The problem is that when I do tokenValidatedContext.Success(), it overrides the cookie and the HttpContext used for the 1st app. I do not want that. I tried tokenValidatedContext.SkipHandler(), but then I can't find a way to use the tenant_id outside the static OnTokenValidated method context without adding it to the response that goes to the customer's web browser for redirect. This is a security issue because he might alter the response before redirection occurs!
Is there a way to use the middleware to extract the tenant_id directly into some controller of mine, without passing through the user, and without changing the cookie?
Thanks!
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
