It turns out that what I mentioned in my potential solution DID NOT work. However, I realized that I was accidentally using two different domain values in my various configs. I have a custom domain in Auth0 that I set up many, many months ago, and then forgot about it when I picked up this project again recently. So I was using a mix of [mydomain].auth0.com and login.[mydomain].com across various configs, which will of course cause issues because everything needs to be referencing the same authority. Plus, I was forgetting to log out of the mobile app between tests (which I tuck away into device secure storage), so I was trying to pass an old identity with a different claim authority to my Web API instance that had since seen its config updated to the new custom domain authority value. That’s a recipe for a whole lotta nope.
So, I had several issues conflating my understanding of the problems I was seeing yesterday.
I still don’t have Auth0 login working for my Blazor project (the callback after login fails), so I still need to track that down. But at least the ClaimsPrincipal (the .NET representation of the JWT token) is coming through successfully on my Web API controllers. So, I’m halfway there.
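As an added illustration of the failure described above (not code from the original post), the check below decodes two constructed, unsigned JWT-shaped tokens and shows why one issued by the old `[mydomain].auth0.com` authority is rejected by an API configured for the custom domain. The authority, audience and token values are assumptions for the example; a real validator also verifies the RS256 signature against the authority's JWKS, which is left out here.

```python
import base64
import json
import time

# Constructed, unsigned sample tokens for illustration only (not real Auth0 tokens).
# A real validator (e.g. ASP.NET Core JwtBearer) also checks the signature against
# the authority's signing keys; this example isolates the issuer/audience/expiry checks.

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def make_unsigned_jwt(claims: dict) -> str:
    """Build a JWT-shaped string with an empty signature (constructed test input)."""
    header = _b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    return f"{header}.{payload}."

def decode_claims(token: str) -> dict:
    """Decode the payload segment of a JWT (no signature verification)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))

def check_token(token: str, authority: str, audience: str, now=None) -> list:
    """Return the reasons this token would be rejected (empty list = accepted)."""
    now = time.time() if now is None else now
    claims = decode_claims(token)
    problems = []
    # Auth0 issues 'iss' with a trailing slash; compare after normalising it away.
    if claims.get("iss", "").rstrip("/") != authority.rstrip("/"):
        problems.append(f"issuer mismatch: token {claims.get('iss')!r} vs configured {authority!r}")
    aud = claims.get("aud")
    aud = aud if isinstance(aud, list) else [aud]
    if audience not in aud:
        problems.append(f"audience mismatch: {aud!r}")
    if claims.get("exp", 0) <= now:
        problems.append("token expired")
    return problems

AUTHORITY = "https://login.mydomain.com"   # custom-domain authority the API now expects (assumed)
AUDIENCE = "https://api.mydomain.example"  # hypothetical API identifier

# Stale token from secure storage, issued by the default Auth0 domain (constructed).
old_token = make_unsigned_jwt({"iss": "https://mydomain.auth0.com/", "aud": AUDIENCE, "exp": 4102444800})
# Fresh token issued by the custom domain (constructed).
new_token = make_unsigned_jwt({"iss": "https://login.mydomain.com/", "aud": AUDIENCE, "exp": 4102444800})

if __name__ == "__main__":
    print(check_token(old_token, AUTHORITY, AUDIENCE))  # issuer mismatch
    print(check_token(new_token, AUTHORITY, AUDIENCE))  # []
```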