Blazor WASM - my client app uses Google auth. How can I authenticate requests to the Web API?

I added Google OIDC authentication to my Blazor WASM app:

    builder.Services.AddOidcAuthentication(options =>
    {
        // Configure your authentication provider options here.
        // For more information, see https://aka.ms/blazor-standalone-auth
        builder.Configuration.Bind("Local", options.ProviderOptions);
        options.ProviderOptions.Authority = "https://accounts.google.com";
        options.ProviderOptions.ClientId = "big-number.apps.googleusercontent.com";
        options.ProviderOptions.RedirectUri = builder.HostEnvironment.BaseAddress + "authentication/login-callback";
        options.ProviderOptions.PostLogoutRedirectUri = builder.HostEnvironment.BaseAddress + "authentication/logout-callback";
        options.ProviderOptions.DefaultScopes.Add("openid");
        options.ProviderOptions.DefaultScopes.Add("profile");
        options.ProviderOptions.ResponseType = "id_token token";
    });

I am able to authenticate with Google, retrieve information which gets automatically stored in session and/or local storage, and AuthenticationStateProvider now shows that I am authenticated. So the client-side authentication is functioning as needed.

My question is, having authenticated the browser client, how can I leverage this confirmed identity when making CORS calls to an ASP.NET Core Web API?

Additionally:

  1. Can I (and should I) pass the JWT to the Web API?
  2. Which token should I send? The data in session-storage includes both an id_token and an access_token (I mentioned "the JWT" above, but since I'm getting multiple pieces of information, I don't know which one "the JWT" refers to).
  3. How should I get the JWT in order to send it to the Web API? The only way I currently know is to retrieve it from session storage (for example, using Blazored.SessionStorage), but it seems like a clunky and potentially error-prone method (I need to figure out timing issues, etc.).
  4. How do I attach the relevant information to an HttpClient? I can do something like client.DefaultRequestHeaders.Add("GOOGLE-JWT", jwt), but is there a canonically better way to make this connection?
  5. In the Web API, is it possible to translate the token into "standard" ASP.NET Core user information using builder.Services.AddAuthentication() and app.UseAuthentication()? If so, how can I do this?

I am able to pass the information by taking the above steps (retrieving token data from session-storage, including it as a header, and handling the header information in the Web API in custom middleware). But it feels like there should be "smoother" ways to do some or all of these things, and I have no idea whether what I'm doing is sufficiently "secure".

Alternately, if this is not an appropriate authentication flow for a static WASM app communicating with a web API, what should I do differently?
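
An added example, not part of the original question and not the asker's code: one way for the Web API to validate a Google-issued ID token sent as `Authorization: Bearer <id_token>` with the standard JwtBearer handler, in place of a custom header and custom middleware. It assumes .NET 6+ minimal hosting and the Microsoft.AspNetCore.Authentication.JwtBearer package; the client origin, the CORS policy name and the `/whoami` route are hypothetical, and the client ID is the placeholder from the question.

```csharp
// Program.cs of the Web API (added example, assumptions labelled below).
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Tokens;

var builder = WebApplication.CreateBuilder(args);

// Assumption: origin the Blazor WASM app is served from (placeholder value).
const string ClientOrigin = "https://localhost:5001";
// Placeholder client ID copied from the question; use the real OAuth client ID.
const string GoogleClientId = "big-number.apps.googleusercontent.com";

// Allow only the known client origin, and only the headers the client needs.
builder.Services.AddCors(o => o.AddPolicy("wasm", p => p
    .WithOrigins(ClientOrigin)
    .AllowAnyMethod()
    .WithHeaders("Authorization", "Content-Type")));

builder.Services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        // Signing keys are fetched from Google's OIDC discovery document.
        options.Authority = "https://accounts.google.com";
        options.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateIssuer = true,
            // Google ID tokens carry one of these two issuer values.
            ValidIssuers = new[] { "https://accounts.google.com", "accounts.google.com" },
            // Reject tokens that were issued to a different OAuth client.
            ValidateAudience = true,
            ValidAudience = GoogleClientId,
            ValidateLifetime = true,
            ValidateIssuerSigningKey = true,
        };
    });
builder.Services.AddAuthorization();

var app = builder.Build();
app.UseCors("wasm");
app.UseAuthentication();   // turns a valid bearer token into HttpContext.User
app.UseAuthorization();

// Hypothetical endpoint: echoes the validated claims of the caller.
app.MapGet("/whoami", (ClaimsPrincipal user) =>
        user.Claims.Select(c => new { c.Type, c.Value }))
    .RequireAuthorization();

app.Run();
```

The audience check is what ties the token to this application: without it, a Google ID token issued to any other OAuth client would pass signature and issuer validation.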

