Consistent way to authenticate artifact download URL

I’m trying to download CI pipeline artifacts in local development and CI context. In CI pipeline I can use Artifacts API with job_token=$CI_JOB_TOKEN parameter. In local dev context I can use the same API with PRIVATE-TOKEN HTTP header or Artifacts access URLs with private_token query parameter or PRIVATE_TOKEN HTTP header with my personal access token.

Unfortunately, job_token parameter doesn’t work with personal tokens outside of CI context and private_token parameter doesn’t work with $CI_JOB_TOKEN on CI. I can’t figure out a single consistent way (URL and auth scheme) to download an artifact using a $CI_JOB_TOKEN in CI context and personal access token locally.

Is it possible? Am I missing some piece of documentation here?