So, I currently have a pac4j Service Provider I use as a way to login my customers to my services. It is currently browser based so as long as one is logged in to my SP and has a valid session, I can pass the session to my other services and have the session verified by my SP.

Now I need to work with a react native application. I want to use my SP to login to the native app the same way but I do not want to pass sessionids in the url. How would i normally go about this? I understand pac4j is really for browser session-based authentication...but is there a recommended pac4j way to do what i want? I suppose pac4j jwt could be of relevance here. I want to know if there is something existing I should consider or whether I would have to write a PKCE-like code on top of pac4j's I am using pac4j oauth2.