I am building a SPA in VueJS. I want to create the back-end (API) in Laravel. I am unsure whether I should use OAuth2 for authentication.
All examples I have found that explain OAuth explain it using two services (Example: Login with Facebook on Spotify). But this isn’t my use case.
My API and SPA VueJS app are basically (part of) “the same application”.
What form of authentication should I use?
2 Answers
The answer depends on your final requirements.
Use OAuth-based authorization for the back-end API if you have plans to expose the back-end API to other clients OR as a service.
Use simple session-based authorization for the back-end if your back-end will never be exposed to the outside and is tightly coupled with the front-end (as you will never use external login options).
First of all, the fact that your SPA and API do belong to the same application is definitely no reason not to use OAuth2.
A good reason to use OAuth2, OIDC … is the fact that many companies like Auth0, Okta and even Facebook and Google offer you easy-to-use libraries to add authentication and authorization to your app, so you don’t have to worry about usernames and passwords yourself.
Laravel Passport seems to be a good starting point to integrate OAuth in your API (I, however, never used it myself).
oidc-client-js is a JavaScript library that I used extensively in SPAs written in pure JavaScript, React …
These libraries point to another advantage of using OAuth2/OIDC: you can easily change your coding framework without impacting your auth integration.
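As an added illustration (not code from either answer, nor from Laravel or Passport itself), here is how the two options discussed above map onto Laravel route definitions: session-based auth for the tightly coupled SPA, and Passport-issued tokens for third-party API clients. It assumes Passport is installed and configured as the driver of the `api` guard in `config/auth.php`, and that the SPA is served from the same origin as the API so the session cookie is sent automatically.

```php
<?php
// routes/web.php — option 1: session-based auth for the SPA that ships with this app.
// Files under routes/web.php get the "web" middleware group (session + CSRF) by default.
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Route;

Route::post('/login', function (Request $request) {
    $credentials = $request->validate([
        'email'    => 'required|email',
        'password' => 'required',
    ]);

    if (! Auth::attempt($credentials)) {
        return response()->json(['message' => 'Invalid credentials'], 401);
    }

    // Rotate the session id after login to defeat session fixation.
    $request->session()->regenerate();

    return response()->json(['user' => $request->user()]);
});

// The SPA calls these with its session cookie; the "auth" middleware uses the
// default (session) guard, so no token handling is needed in the Vue code.
Route::middleware('auth')->prefix('spa')->group(function () {
    Route::get('/me', fn (Request $request) => $request->user());
});

// routes/api.php — option 2: OAuth2 bearer tokens for external clients.
// Assumes config/auth.php has: 'api' => ['driver' => 'passport', 'provider' => 'users'].
// Callers send "Authorization: Bearer <token>" obtained from Passport's /oauth/token.
Route::middleware('auth:api')->group(function () {
    Route::get('/me', fn (Request $request) => $request->user());

    // Passport's "scope" middleware limits what a given token may do (hypothetical scope name).
    Route::get('/orders', fn (Request $request) => $request->user()->orders)
        ->middleware('scope:read-orders');
});
```

Both route groups can coexist, so starting with session auth for your own SPA does not prevent adding Passport later when external clients appear.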