I am turning a website into an app using Flutter web view. You can log in on both the website (Regular) and Flutter (Native).
When displaying the website from Flutter’s WebView, I’m able to log into the website by passing Flutter’s access token to the initial display page of the website.
Until now, there have been no problems. 
On the website side, there’s an API that restricts access using the access token. When you log in on the website (Regular), you can use the access token to access the API directly.
However, when you pass the access token obtained from Flutter (Native) to the website to log in, it cannot be used directly in the website’s verification because the applications are different.
I have no choice but to ensure validity by passing the access token using the API /userinfo, but errors occasionally occur since it’s accessed multiple times.
Does anyone know how to handle this situation? 
On the website side, I’m using auth0/auth0-php ver8.7 to verify without using the API. Similarly, when verifying the token obtained from Flutter, I’m using SdkConfiguration, but the cookieSecret is required, and I’m struggling because I can’t verify it.
I’m even questioning whether this method is appropriate in the first place. 
Website: Symfony6.3 + PHP8.2