Hello, all,
I will try to keep the question short.
After some research I am still not sure how to approach this. I am (as a total newbie) developing a basic application - first as an SPA for desktop and later as a mobile app.
I need to create a backend API (most comfortably in Java) and of course secure it.
A lot has been written about this - generally a JWT is recommended (although with a relatively complex OAuth flow).
But I would like to have the user experience on desktop at some nice level, e.g. keep the authorization alive during usage without dangerously compromising security.
I would also like to keep a user logged in in the mobile app for a long time (many apps have this but I am not sure how it is implemented).
So, the questions:
How to do this generally?
In more detail - which (preferably Java) framework is most suitable for it?
Thank you!