I have a question about the Chained Auth allowed in the API for 2.3.
Is this an “AND” or a “OR” setup?
The way I read it right now its an AND meaning you would need JWT and AuthToken. Im actually looking for an “OR” solution, at accept APIToken keys or a JWT for the same API.
It looks like with 2.3 I can do on my own with a CustomKeyCheck plugin if necessary, but im just looking to see whats supported out of the box.
Especially the term “chained” indicates that all auth middlewares have to pass. However, it’s still not 100% clear. Especially when what you need is the exact opposite.
I wonder how to publish an API in a way that users can either use a token or a JWT (from OpenID Connect) for authentication.