Skip to content
docsv0.1.0

AuthenticateMiddleware

The PSR-15 entry point that turns an `Authorization: Bearer …` token into a trusted {@see AuthContext} and attaches it to the request under {@see self::ATTRIBUTE}. It only *produces* the context; it never decides whether the request may proceed — that is {@see RequireScopeMiddleware}'s job. So it NEVER throws for a missing or bad credential: a request with no Bearer token flows on with {@see AuthContext::anonymous()}, a rejected one with {@see AuthContext::invalid()}, and only the guard downstream turns those into a 401. The credential split, made explicit: this middleware resolves the *Bearer* channel only. A session *cookie* is also a credential, but resolving it is a session lookup that belongs to {@see StartSession} (which owns the {@see \Milpa\Auth\Contracts\SessionStore}) — this middleware defers the cookie entirely to StartSession and never touches it. The raw token is wrapped in a {@see Credential} the instant it leaves the header and never appears anywhere else: not in the context, not in a log, not in an error.

AuthenticateMiddleware::__construct()

public function __construct(Milpa\Auth\Contracts\CredentialVerifier $verifier):

Parameters

Parameters of __construct()
NameTypeDescription
$verifierCredentialVerifierthe producer that turns a {@see Credential} into a context

AuthenticateMiddleware::process()

public function process(Psr\Http\Message\ServerRequestInterface $request, Psr\Http\Server\RequestHandlerInterface $handler): Psr\Http\Message\ResponseInterface

Resolves the Bearer credential (if any) to an {@see AuthContext}, attaches it under {@see self::ATTRIBUTE}, and passes the request on. Fail-open on *authentication*, fail-closed on *authorization*: it always continues the pipeline, leaving the decision to the guard.

Parameters

Parameters of process()
NameTypeDescription
$requestPsr\Http\Message\ServerRequestInterface
$handlerPsr\Http\Server\RequestHandlerInterface