TokenVerifierInterface
Turns a raw HTTP `Authorization` header into the {@see SecurityPrincipal} it identifies, or `null` if the header does not identify a valid principal. This is the authentication seam feeding {@see InteractionAuthorizerInterface::authorize()}'s `$principal` argument — a request with no principal is treated as anonymous, not as an error.
TokenVerifierInterface::verify()
abstract public function verify(string $authorizationHeader): ?Milpa\Live\ValueObjects\SecurityPrincipalVerifies the given `Authorization` header value and resolves it to a principal.
Parameters
| Name | Type | Description |
|---|---|---|
| $authorizationHeader | string |
Returns
`null` if the header is missing, malformed, or names an unknown/expired token — callers treat that as an anonymous request, not a fatal error.