Anyone been successful with SSO between SharePoint onprem and ASP.NET Core API?

I'm trying to establish SSO between SharePoint 2016 onprem and ASP.NET Core API but finding doco on this scenario has been difficult if not futile.

A summary of the 3 main use cases are as follows

  1. Embedded SharePoint webpart needs to call into SharePoint restful services. I assume the SAML token associated with the user identity can be used here without any issue.

  2. Embedded SharePoint webpart needs to call a custom ASP.NET Core API. The API then needs to call into SharePoint restful services.

  3. Call is made from custom Angular web application or phone app into custom ASP.NET Core API. The API then needs to call into SharePoint restful services.

I'm thinking of using something like Auth0 to help get this up and running as fast as possible. However, are there any experts out there who could help we confirm

  1. Is this is all in fact possible?
  2. As SharePoint only supports SAML tokens and not JWT\OpenId Connect I'm assuming the custom web application and ASP.NET Core API would all need to support SAML tokens?
  3. If you have used the likes of Okta or Auth0 before, could they be used to achieve this?
  4. Are you aware of any doco covering these use cases?

Thanks heaps for any help or direction you could offer!