I have a API with a /login. The user than authenticates to a OIDC server. After that I assume I will have to ensure that particular user resource exists in spicedb correct? I guess I could also attempt to bulk load resources too?

You can model the user with a "self" relationship, or you could model a root/platform resource that holds all users to check for the existence of the user

Am I not understanding that all resources have to be created added to SpiceDB right?

Resources do not exist in isolation really. Everything is defined through relationships, which is really what defines the existence of resources and subjects