I am developing a chat that can be accessed both from the web and from an application, so I made a Laravel project with an API. Both the site and the application will be fed through the API, which stays on the same server. What I am in doubt about is authentication.
Application
In my application I am using JWT to authenticate the user, so on every request I need to pass a token. That token is obtained at login time.
Then I will save this token in a local session on the device so I do not have to be authenticating at all times.
Website
But how should I do the authentication on the site? If I'm already feeding it through the API, should I also do the authentication through the API?
Token: get the token, save it in a session, and pass the token in every request.
It seems like an insecure method.