We need to enable viewing of PII logs so we can see more details about the error:
Add the following line in ConfigureServices() to Startup.cs
public void ConfigureServices(IServiceCollection services)
{
IdentityModelEventSource.ShowPII = true; //Add this line
....