I can speak to this.

It works, though if you need auth/authz you'll probably want to add some middleware to get a cookie flow working instead of the jwt approach PB uses by default.

If I remember right, essentially you set the cookie on login and on auth refresh and pull it out and into the auth header on all incoming requests.