Cascading authentication methods

I have set up two Silhouette environments and a controller for each (cookie auth and JWT auth). Now I would like to have an endpoint that is accessible by either auth method - that is look for a cookie, and if that is not present look for a JWT token. It seems there could be quite a few ways to implement this.

For example it seems I could make a custom ErrorHandler to pass failed cookie-auth to a SecuredAction in the JWT env.

Or maybe use Action composition in some way…

Or something else?

What is a clean and simple way to do this?

Hi,

I think the best solution would be to implement a custom authenticator with a custom authenticator service. This authenticator should implement all fields from both authenticators. And the authenticator service could use the cookie and the JWT authenticator services. In this case you could reuse the already existing functionality and must only build the delegation logic into the authenticator service. This should be work theoreticaly. The current Silhouette version wasn’t developed with this scenario in mind. This will change in the future version.

Best regards,
Christian