Out of curiousity, is there a way to secure API endpoints by using a server to server login + session? Just started wading through (the really excellent, btw) documentation but have not seen a reciepe for that scenario, only for user login. Pure session assumes frontend already authenticated but how would you guys implement something similar to say Okta's OAuth? https://developer.okta.com/docs/guides/implement-oauth-for-okta/request-access-token/