Are Sign-in to React SPA and configuring an API different things?

I followed the React walkthrough and found it quite effortless to get something set up where I can sign in and out using Auth0. In my SPA I can get the username etc and it’s all great.

I’ve also followed the tutorial for securing an ASP.NET Core 3.1 WebAPI, but now I’m confused. I can’t quite see where the two processes tie up. Having signed-in in React purely in the browser, do I then need to do something specific to get a token that I then put in the requests to my API? I (perhaps foolishly) assumed this would somehow magically dealt with by the Auth0Provider in my React app, but it’s cool if I need to do something specific myself for each API request.

I can’t see how I connect things up such that the credentials I use to sign-in to my React app (configured in can be used to invoke APIs that I’ve configured on

Hang on, I think I might just have not been able to see the wood for the trees, and what I needed might literally have been at the bottom of the page I was already working on (Auth0 React SDK Quickstarts: Call an API).