AuthenticateMiddleware
The PSR-15 entry point that turns an `Authorization: Bearer …` token into a trusted {@see AuthContext} and attaches it to the request under {@see self::ATTRIBUTE}. It only *produces* the context; it never decides whether the request may proceed — that is {@see RequireScopeMiddleware}'s job. So it NEVER throws for a missing or bad credential: a request with no Bearer token flows on with {@see AuthContext::anonymous()}, a rejected one with {@see AuthContext::invalid()}, and only the guard downstream turns those into a 401. The credential split, made explicit: this middleware resolves the *Bearer* channel only. A session *cookie* is also a credential, but resolving it is a session lookup that belongs to {@see StartSession} (which owns the {@see \Milpa\Auth\Contracts\SessionStore}) — this middleware defers the cookie entirely to StartSession and never touches it. The raw token is wrapped in a {@see Credential} the instant it leaves the header and never appears anywhere else: not in the context, not in a log, not in an error.
AuthenticateMiddleware::__construct()
public function __construct(Milpa\Auth\Contracts\CredentialVerifier $verifier):Parameters
| Name | Type | Description |
|---|---|---|
| $verifier | CredentialVerifier | the producer that turns a {@see Credential} into a context |
AuthenticateMiddleware::process()
public function process(Psr\Http\Message\ServerRequestInterface $request, Psr\Http\Server\RequestHandlerInterface $handler): Psr\Http\Message\ResponseInterfaceResolves the Bearer credential (if any) to an {@see AuthContext}, attaches it under {@see self::ATTRIBUTE}, and passes the request on. Fail-open on *authentication*, fail-closed on *authorization*: it always continues the pipeline, leaving the decision to the guard.
Parameters
| Name | Type | Description |
|---|---|---|
| $request | Psr\Http\Message\ServerRequestInterface | |
| $handler | Psr\Http\Server\RequestHandlerInterface |