Multiple Authentication types in ASP.NET Core 3

For Web Users, I am doing Cookie based authentication and for IOT devices, JWT Auth. But I also have several APIs which are used by BOTH Web and IOT users.

If a Cookie exists, I am expecting it to use Cookie/Identity Auth and if bearer exists, JWT Auth. Effectively it may have to try BOTH.

I can get them to work individually i.e., EITHER Cookie Auth or JWT Auth, but not both together!

Following is my code snippet from .Net Core 2.2 application which works exactly the way I need it.

                .AddJwtBearer(cfg =>
                    cfg.RequireHttpsMetadata = false;
                    cfg.SaveToken = true;
                    cfg.TokenValidationParameters = new TokenValidationParameters
                        ValidIssuer = Configuration["JwtIssuer"],
                        ValidAudience = Configuration["JwtIssuer"],
                        IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration["JwtKey"])),

And I also have this in .Net Core 2.2.

    services.AddMvc(config =>
                        var defaultPolicy = new AuthorizationPolicyBuilder(new[] { JwtBearerDefaults.AuthenticationScheme, IdentityConstants.ApplicationScheme, CookieAuthenticationDefaults.AuthenticationScheme })
                        config.Filters.Add(new AuthorizeFilter(defaultPolicy));

Can someone help we with what changed in .Net Core 3 and how I can resolve this issue.