Hi
I’d say in this scenario you should first model your different endpoints as a single custom API in Auth0, as your Application will typically need to consume all of them after the user authenticates, therefore the access and refresh token that you get back from the Universal Login flow should allow you to access all your endpoints, without having to do additional interactions. Note you can still be able to assign a different scope per operation - endpoint combination, so you will be able to apply dynamic authorization policies depending of who the user is or other policies, either via roles or dynamic control from post-login Actions.
Once that is set up, from a security perspective, you’ll want to use the Authorization Code Flow with PCKE, given you will be interacting from SPAs and Mobile Apps. Additionally, you’ll want to use rotating refresh tokens as explained in this article.
With regards to .net8, I suggest you read: