I was (perhaps incorrectly so) assuming that there were two Phoenix apps - a “front-end/UI” app and the Absinthe app, which is the GraphQL API. The flow I imagined was something like:
Phoenix/LiveView -> OAuth redir -> Phoenix/LiveView -> JWT -> Absinthe
This is obviously not a one-size-fits-all scenario and probably has more steps in it than most people need. But the general idea was that the UI web app would sign JWTs with its key which could then be verified by the Absinthe app via bearer token auth.
