Since I assume you will have to build a bunch of APIs that can be accessed post login. In which case, it's better to have the auth layer of the app already ready.