Authentication for Angular SPA and authorization for .NET Core 2.2 Web API

I am relatively new to the security area and Oauth2 topic. I have an application with Angular 8 SPA for the front-end and .NET Core 2.2 Web API for the back-end. My goal is to protect both ends but I am not clear on what is the best way to do this.

I would like to use Okta SSO to authenticate the users and Oauth2 JSON Web Token (JWT) to protect the web API. Is this the right approach? If yes, what are the steps to accomplish it? I’m open to new ideas.

thank you