Function: authenticateServiceAuth()

authenticateServiceAuth(verifier, authzService): MiddlewareHandler<ChiveEnv>

Defined in: src/api/middleware/auth.ts:76

Creates ATProto service auth middleware.

Parameters

verifier

IServiceAuthVerifier

ATProto service auth verifier

authzService

IAuthorizationService

Authorization service for role lookup

Returns

MiddlewareHandler<ChiveEnv>

Hono middleware handler

Remarks

Extracts Bearer token from Authorization header and verifies it as an ATProto service auth JWT. Sets authenticated user in context if valid token present.

By default, authentication is optional - requests without tokens continue as anonymous. Use requireAuth() for mandatory auth.

E2E Testing Support: When ENABLE_E2E_AUTH_BYPASS=true and the X-E2E-Auth-Did header is set, authentication is bypassed and the user is set from the header. This is standard practice for E2E testing OAuth-protected APIs.

Example

const verifier = new ServiceAuthVerifier({
  logger,
  config: { serviceDid: 'did:web:chive.pub' },
});

app.use('*', authenticateServiceAuth(verifier, authzService));

Parameters​

verifier​

authzService​

Returns​

Remarks​