I am building a public-facing API (Open API) in ASP.NET Core that external users outside my organization or system will consume. The API will provide basic CRUD operations let say basic external user CURD operations for the time being, and I want to secure it using Auth0(if that is optimal) for both authentication and authorization.