Happy to help and glad it works for you. Most, if not all, of this will be added to the documentation. The “calling your own API” is a little tricky because we start to get involved into really specific architecture requirements for your app, rather than authentication recommendations on our part. The API protected by an Auth0-issued token will be part of the quickstart, the API protected by a cookie is just part of your Laravel app so probably not.
how best can I access the current user?
The access token that’s provided is meant for your API to consume so you can decode that to get the sub value needed (as shown in the CheckJWT middleware here)