Cookie Auth SEPARATE from JWT Auth?

[ProofOfKeags]

I have a use case where I'd like to be able to give users the ability to export custom JWT auth tokens with different permission sets. While allowing any valid cookie session to have "full" permissions.

The most natural way to deal with this in my mind was to have two different auth mechanisms: one with its own JWT configuration, and a cookie configuration that does not depend on the JWT config. It seems like a smell to me that the Cookie and JWT auth setups are inextricably linked. Is there a good reason for this?