Tags: laravel, security, cookies, token, bearer-token

security concerns for storing bearer token in cookie for embedded iframe pages to consume


I am currently using the Laravel framework and storing the bearer token in cookies for embedded iframe pages to consume. The purpose of doing this is that I do not want to redesign the whole application; I only want some elements inside the application to use another frontend framework such as React. I am able to get it working, and the application inside can call the APIs using the bearer token stored in the cookie.

Are there any security concerns that I should be wary of?


Solution

  • There should be no issue with having iframes and storing the bearer token in a cookie. The security considerations I see that would be relevant are related to the protection of the cookie itself. Have a look into https://github.com/OWASP/ASVS/blob/v4.0.2/4.0/en/0x12-V3-Session-management.md#v34-cookie-based-session-management for the details.
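As an added illustration (not part of the original question or answer, and not Laravel's own code), the following Python script audits `Set-Cookie` headers against the ASVS 4.0.2 V3.4 requirements the answer links to: Secure (3.4.1), HttpOnly (3.4.2), SameSite (3.4.3) and the `__Host-` prefix (3.4.4). The cookie name `bearer_token` and the two sample headers are constructed placeholders; the `cross_site_iframe` flag is an assumption added so the check can also flag the case where the embedding iframe is served from a different site, in which case a `SameSite=Lax`/`Strict` cookie is never sent to it and `SameSite=None` (which browsers only accept together with `Secure`) is required.

```python
"""Audit Set-Cookie headers against OWASP ASVS 4.0.2 V3.4 cookie requirements.

Added example, not from the original Q&A. Sample headers below are
constructed; `bearer_token` stands in for whatever cookie name the app uses.
"""
from typing import Dict, List, Tuple


def parse_set_cookie(header: str) -> Tuple[str, str, Dict[str, str]]:
    """Split a Set-Cookie header value into (name, value, {attr_lower: value})."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs: Dict[str, str] = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs


def audit_cookie(header: str, cross_site_iframe: bool = False) -> List[str]:
    """Return a list of findings; an empty list means the cookie passes.

    Checks map to ASVS 4.0.2 V3.4.1-3.4.4. `cross_site_iframe` (assumed
    parameter) says whether the consuming iframe lives on another site.
    """
    name, _value, attrs = parse_set_cookie(header)
    findings: List[str] = []

    if "secure" not in attrs:
        findings.append("3.4.1: missing Secure attribute")
    if "httponly" not in attrs:
        findings.append("3.4.2: missing HttpOnly attribute (token readable by script)")

    samesite_raw = attrs.get("samesite", "")
    samesite = samesite_raw.lower()
    if not samesite:
        findings.append("3.4.3: missing SameSite attribute")
    elif samesite == "none":
        if "secure" not in attrs:
            findings.append("3.4.3: SameSite=None requires Secure")
        if not cross_site_iframe:
            findings.append("3.4.3: SameSite=None is broader than a same-site iframe needs")
    elif cross_site_iframe:
        findings.append(f"3.4.3: SameSite={samesite_raw} will not be sent to a cross-site iframe")

    if not name.startswith("__Host-"):
        findings.append("3.4.4: cookie name lacks the __Host- prefix")
    else:
        # Browsers reject __Host- cookies that violate these rules, so flag
        # them here rather than letting the cookie be silently dropped.
        if "domain" in attrs:
            findings.append("3.4.4: __Host- cookies must not set Domain")
        if attrs.get("path") != "/":
            findings.append("3.4.4: __Host- cookies must set Path=/")
        if "secure" not in attrs:
            findings.append("3.4.4: __Host- cookies must be Secure")

    return findings


# Constructed sample headers: a weak cookie and a hardened one.
WEAK = "bearer_token=PLACEHOLDER_TOKEN; Path=/"
HARDENED = "__Host-bearer_token=PLACEHOLDER_TOKEN; Path=/; Secure; HttpOnly; SameSite=Lax"

if __name__ == "__main__":
    for header in (WEAK, HARDENED):
        print(parse_set_cookie(header)[0], audit_cookie(header) or "OK")
```

Run it against the `Set-Cookie` headers your Laravel responses actually emit (for example from `curl -i`); the hardened sample passes, the weak one produces four findings, and the same hardened cookie is reported as unusable when `cross_site_iframe=True` because `SameSite=Lax` is not sent to a cross-site frame.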