Hey @chris54, welcome to the community!
Auth will occur in your React SPA, and once it does, your frontend will use an access token against your API. I definitely recommend taking a look at our developer hub, where you can get a sample up and running fairly easily.
Both are valid approaches:
https://auth0.com/docs/secure/security-guidance/data-security/user-data-storage