Our company doesn’t use Elixir, but we do it this way. We just have something like an account/login endpoint that creates an HttpOnly cookie that contains a JWT token for the user. In Elixir you would just create a plug that validates that cookie with the JWT token and gets the current user from it on every request.
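
A sketch of the plug described above, as an added example that is not part of the original post. It assumes the Joken library with an HS256 shared secret; the module names, the `auth_token` cookie name, the `:jwt_secret` config key and `MyApp.Accounts.get_user/1` are hypothetical.

```elixir
defmodule MyAppWeb.Plugs.CookieAuth do
  @moduledoc "Added example: loads the current user from a JWT kept in an HttpOnly cookie."
  import Plug.Conn

  # Assumed cookie name; the login endpoint and this plug must agree on it.
  @cookie "auth_token"

  def init(opts), do: opts

  def call(conn, _opts) do
    conn = fetch_cookies(conn)

    # Requiring "exp" in the pattern rejects tokens that carry no expiry at all.
    with token when is_binary(token) <- conn.cookies[@cookie],
         {:ok, %{"sub" => user_id, "exp" => _}} <- verify(token),
         %{} = user <- MyApp.Accounts.get_user(user_id) do
      assign(conn, :current_user, user)
    else
      _ ->
        # Missing cookie, bad signature, expired token or unknown user:
        # drop the cookie and stop the pipeline before any controller runs.
        conn
        |> delete_resp_cookie(@cookie)
        |> send_resp(401, "unauthorized")
        |> halt()
    end
  end

  # Checks the signature with a signer built for HS256, then validates the
  # time-based claims (exp, nbf) from Joken's default claim set.
  defp verify(token) do
    secret = Application.fetch_env!(:my_app, :jwt_secret)
    signer = Joken.Signer.create("HS256", secret)
    config = Joken.Config.default_claims(skip: [:aud, :iss, :jti])
    Joken.verify_and_validate(config, token, signer)
  end

  # Login side: called by the account/login action after the password check.
  # http_only keeps the token away from page JavaScript, secure restricts it
  # to HTTPS, and same_site limits cross-site sends of the cookie.
  def put_auth_cookie(conn, token) do
    put_resp_cookie(conn, @cookie, token,
      http_only: true,
      secure: true,
      same_site: "Lax",
      max_age: 3600
    )
  end
end
```

Because the browser attaches the cookie automatically, state-changing routes behind this plug still need CSRF protection; `same_site` only narrows that exposure.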