Hi all, having some minor trouble understanding how to manage authentication architecture. Basically I've got a server-side app, which leverages auth0 for user management. I want to ensure every request is authenticated, but not call the remote service every time. In the correct way to use 2 authentications in the system? A default one which most routes use which checks the session for valid credentials and populates the Principal, redirecting to /login if not valid, and an Oauth2 one to trigger on the /login route and handle the auth0 login and callback routes?