Managing Multiple Auth Methods in Swagger UI
Hello everyone,
I'm currently working on a Laravel project and facing a challenge with defining multiple authentication types in L5-Swagger. My app uses both HTTP Bearer Token (token) and Laravel Passport (passport).
I want passport to act as a fallback only when the token isn't defined.
(Purpose of the fallback authentication is protecting our endpoints from unwanted calls with predefined credencials.)
I want to instruct Swagger UI to correctly select the preferred token in the request headers. This would ensure that users testing the API through Swagger UI use the appropriate authentication scheme (token) by default unless it’s unavailable, in which case passport should be used.
Based on OpenAPI logic, security schemes can be combined using logical OR and AND. Here are my desired rules:
- Primary: Prefer token for authentication.
- Fallback: Use passport only if token isn't defined.
- User-Specific Endpoints: Certain endpoints strictly require the token and, due to mutual exclusivity, will not allow passport.
- Flexible Endpoints: Other endpoints can accept either token or passport.
According to OpenAPI docs, I can structure the security configuration as follows:
'security' => [
[
'token' => [],
],
[
'passport' => [],
],
],My Questions:
- Is this the correct way to prioritize token over passport in L5-Swagger?
- Are there better practices to structure authentication hierarchies in Swagger docs for Laravel applications?
Any help or suggestions would be greatly appreciated!
Thanks in advance! :)
Star