I have an Apache server using mod_auth_openidc. For one specific directory (the API), I'd like to allow bearer token authentication first with fallback to OpenID. Is that something I can accomplish with an .htaccess file in the API directory?
Desired behavior: - If a request is made in the API directory: - If an "Authorization: Bearer" header is set: - use bearer authentication - Otherwise: - use OpenID Connect - If a request is made in any other directory: - use OpenID Connect