Here is a typical implementation of IUserSecurityStampStore:
public Task<string> GetSecurityStampAsync(TUser user)
If user.SecurityStamp is null there is an exception in the ClaimsIdentityFactory.CreateAsync during sign in. The easy workaround is to ensure that a empty string is returned instead of null.
user.SecurityStamp ?? string.Empty
But it would be nice if the implementer didn't have to worry about this (it took a while to find the root cause).