Background and Motivation

I'd like to run custom actions after authentication succeeds or fails. While some authentication options allow me to define callbacks for various events, there's no generic way to react to authentication process unless I implement IClaimsTransformation which has other intent.
In theory, custom middleware could work but authentication can be performed both by Authentication and Authorization middleware, so it must be enabled at correct place.

Proposed API

I'd like to be able to register a custom implementation of IAuthneticationEvents (maybe multiple implementations):

public interface IAuthneticationEvents
{
    // Always executed after authentication phase.
    ValueTask AuthenticationCompleted(IReadOnlyDictionary<string, AuthenticationResult> resultByScheme);

    // Executed if at least one scheme from the effective policy is successfully authenticated.
    ValueTask AuthenticationSucceeded(IReadOnlySet<string> succededSchemes, ClaimsPrincipal principal);

    // Executed if neither of the schemes from effective policy was successfully authenticated.
    ValueTask AuthenticationFailed(IReadOnlyDictionary<string, AuthenticationResult> resultByScheme);
}

Risks

If I am not mistaken, the current architecture of authentication and authorization process makes implementing this functionality a bit hard. For example, authentication middleware always attempts to authenticate default scheme, but it is not aware of other authentications which will be executed by policy evaluator which belongs to authorization middleware.