Bevor going deeper into your question, I'd like to clarify if each of your applications users has an individual user account at the authorization server of the external service as well?

As far as I see it, you might have mixed up this.

Your applications users authenticate against your asp.net identity, and your application authenticates against the external service. So perhaps all you need is an httpclient which you augment with a clientcredentialmanagement handler from https://docs.duendesoftware.com/foss/accesstokenmanagement/