Using Laravel Spark as a decoupled API for a Vue SPA

Hi,

We are trying to make use of all the good stuff that Spark gives us to do with team subscription billing and auth etc for a SaaS application we are building, but we want that app to be a true separate application (built in Vue.js) from the main API that Laravel and Spark will provide. That means they will exist on potentially separate machines, domains, everything.

If we keep the two layers on the same machine and domain as Spark does by default, this is all trivial. However, in order to do it the way we want we need to keep things separate. So we are trying to use a token based approach to manage auth, and ideally want to use the standard auth and multi-factor that Spark provides, changing as little as possible from that side. It seems, getting the initial token generated on login is the difficult part, and there appear to be multiple ways of accessing the functions that generate them. So what I'm hoping is someone out there has done this before and can steer us in the right direction. Things we have tried so far include;

1. Posting to the out of the box login route. This fails, throwing a 419 error due to CSRF issues (our page has no CSRF token as it is html on a separate domain)

2. Using Passport. This works, but does not have multi-factor auth built in, and feels unnecessary when you dig around in the Spark source code, as it seems Spark can do pretty much all of the token generation we need plus multi factor, without the need for an additional library (Although I realise Oauth might be useful in the future)

3. Writing our own login method. This works, and we can generate a token manually using Spark methods, but there are lots of them (transientToken, standardToken, tokenCookie, Controller, Guard, Repository, etc), with nothing really obvious as to the right path to choose.

So has anyone out there done this before, and if so can you point us in the right direction please?

Thanks in advance!