Lumen API Authentication + Vue SPA + Dingo?

Hi,

I am building an SPA website that is publicly accessable for everyone. Besides that there is an admin area for which several users should be able to log in. Besides that in the future, i would like my API to be available for certain other websites. Now i am wondering how i can best protect my Lumen API.

I did some searching and found oauth2 where there are different grant types. It seams to me that password granttype is the way to go for the admin area and Client credentials for the public part. Do you agree or is JWT or something else a bether choice? How about the other websites in the future?

Should i build my admin area side by side with the public part of my website or should i split it into 2 separated SPA's

One other question, should i use dingo for my API or do you advice other packages or tutorials as starting point?

Thanks!