I followed the React walkthrough and found it quite effortless to get something set up where I can sign in and out using Auth0. In my SPA I can get the username etc and it’s all great.
I’ve also followed the tutorial for securing an ASP.NET Core 3.1 WebAPI, but now I’m confused. I can’t quite see where the two processes tie up. Having signed-in in React purely in the browser, do I then need to do something specific to get a token that I then put in the requests to my API? I (perhaps foolishly) assumed this would somehow magically dealt with by the Auth0Provider in my React app, but it’s cool if I need to do something specific myself for each API request.