Help adding authorization

I am using google provider to login and in the app only then can they access the stuff that only logged in people can see using conditional rendering in the client. but, my question I need authorization too right because, anyone can send requests to the server even if the arent logged in. The problem is i am not using standard user and password login, I am using oauth. So i'm not sure how to implement roles in this case to use [Authorize]. I am not using JWT either. I seem to be using cookies for authentication, but I dont know how I can use this for authorization? I know that I have to make sure that whenever they send a request to the controller endpoint, they also pass as a header their cookie and I have to validate that. how would I do this?