Thanks for the process. Is there an assumption here that flarum server & the main app server are in same domain? What if we want to show the flarum logged in another domain? (because we can't set the cookie/session in another domain from app in one, unless the other app does that for the first one)
Is there a way to directly login a user with a user specific token in GET params? The api allows creation of users, but what about their 'authentication'/impersonation?