Based on the information provided you’re using ASP .NET Core to implement the API that the Vue.js application will consume. In this scenario and using the OpenID Connect and OAuth2 terminology you would have:
- a Vue.js client application registered as such in the associated Clients section of your Auth0 Dashboard.
- a ASP .NET Core Web API registered as such in the associated APIs section of your Auth0 Dashboard.
The Vue.js client application would authenticate users through Auth0 while at the same time requesting an access token suitable to call the ASP .NET Core Web API. Each call from the Vue.js application to the API would include the access token so that the API could ensure that the request is coming from a trusted source and also know the associated end-user.
For general information on this scenario see:
For reference code see the quickstarts:
As an additional note, even if you use ASP .NET Core to serve the Vue.js application files that’s an implementation detail that does not have any impact on the overall scenario as the file serving does not require any authentication or authorization.