I want to create a SPA, and also mobile apps with a .net core backend...

I want authentication and authorization in my backend, but not sure what to do. There seems like lots of different options, and its all a bit confusing.

From my reading I think Asp.net Identity is needed for storing user details/roles etc... But as it is using API's will need JWT authentication rather than cookie based?...

I am planning on using asp.net core...

Any guidance on how to authenticate and authorize users for this scenario (SPA, mobile apps) appreciated