ashishng15

Can we use Laravel Sanctum for the frontend and Laravel Passport for API authentication?

I have a Laravel API backend which uses the Passport package to generate access_tokens. That access token is used in the Android and iOS apps for API request authentication.

I am building a front-end web app in which I want to use the Sanctum package for SPA authentication.

I want to use Passport for token authentication and Sanctum for SPA authentication on the same set of API calls.

My issue is: how can I use both middlewares (auth:sanctum & auth:api) on the same set of API calls?

One way I found is to define separate routes for both middlewares. In that case the API endpoints will be different.

For iOS/Android

Route::group(['middleware' => ['auth:api', 'verified']], function(){

	Route::get('device/logout', 'Api\AuthenticateController@logout');

	Route::get('device/users', 'Api\UsersController@index');
	Route::get('device/users/avatar', 'Api\UsersController@download');
});

For SPA

Route::group(['middleware' => ['auth:sanctum', 'verified']], function(){

	Route::get('spa/logout', 'Api\AuthenticateController@logout');

	Route::get('spa/users', 'Api\UsersController@index');
	Route::get('spa/users/avatar', 'Api\UsersController@download');
});

Is there any possibility to add middleware dynamically? Like

#Route

Route::group(['middleware' => ['check_auth', 'verified']], function(){

	Route::get('logout', 'Api\AuthenticateController@logout');

	Route::get('users', 'Api\UsersController@index');
	Route::get('users/avatar', 'Api\UsersController@download');
});

#check_auth middleware

public function handle($request, Closure $next)
{
    // Pseudocode: the condition (how to tell an SPA request apart) is left open
    if (/* request is from the SPA */) {
        $request->route()->middleware('auth:sanctum');
    } else {
        $request->route()->middleware('auth:api');
    }

    return $next($request);
}
0 likes
1 reply
MichalOravec

If your routes for the API start with api, then you can check it

$request->is('api/*')

But you can set parameters for multiple guards

auth:api,sanctum

And just check in controllers where a request is coming from.

1 like
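
An added example (not code from either poster) of the `auth:api,sanctum` suggestion above, applied to the `logout` action from the question: the controller reads which guard authenticated the request and invalidates the matching credential. It assumes the guard names `api` (Passport) and `sanctum`, that the SPA logs in through the `web` session guard, and that the single route group uses `['auth:api,sanctum', 'verified']`.

```php
<?php
// app/Http/Controllers/Api/AuthenticateController.php (file path is an assumption)
// Assumed route registration, once for both clients:
//   Route::group(['middleware' => ['auth:api,sanctum', 'verified']], ...);

namespace App\Http\Controllers\Api;

use App\Http\Controllers\Controller;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;

class AuthenticateController extends Controller
{
    public function logout(Request $request)
    {
        // The auth middleware tries the listed guards in order and makes the
        // first one that authenticates the default guard for this request.
        $guard = Auth::getDefaultDriver();

        if ($guard === 'api') {
            // Mobile client: revoke only the Passport access token presented.
            $request->user()->token()->revoke();
        } elseif ($guard === 'sanctum') {
            // SPA: end the cookie session and rotate the CSRF token so the
            // old session id and token cannot be replayed.
            Auth::guard('web')->logout();
            if ($request->hasSession()) {
                $request->session()->invalidate();
                $request->session()->regenerateToken();
            }
        } else {
            // Neither expected guard authenticated the request: refuse.
            abort(401);
        }

        return response()->json(['guard' => $guard, 'logged_out' => true]);
    }
}
```

Guard order matters: with `auth:api,sanctum` a request carrying both a Bearer token and a session cookie is treated as a Passport request, so only the token is revoked.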
