Currently I developing web application client using laravel 5.7. The web client is thin and mainly processing via REST API from AWS gateway. The user authentication also handle by Cognito user pool via AWS gateway (which returned access, refresh token upon username&password).
As described above, is this belongs good practice? I looking way to build the user controller methods (to validate and handle access/refresh token) and best way to store the client id and client secret. My view in laravel will pass the user data(in plain request) in form to controller.
I studied the laravel pasport which might useful but since my web client totally depends on API gateway. I don't think I should implement API again in my web client using Pasport. (correct me if I'm wrong)
Any example/article/tutorial/suggestion?
