JwtAuthenticate Middleware

Let's now create this bad boy!

There are a few things we need to consider, such as checking for the presence of the Authorization header and forming a Response if it is missing.

Then we need to isolate the token value (i.e. remove the 'Bearer ' part) and decode the token. The good thing about the Firebase JWT library is that it will actually verify the signature as part of the decode step.

At this point we will either have a decoded token, or an exception will have been thrown to tell us that there was a problem. So we can have a contingency for every exception, or we can handle just the ones we really care about and add a catch-all for the rest. Firebase uses UnexpectedValueException as the catch-all.

If we do have a decoded token, we could do something with the info in the claims if we needed to, but ultimately we need to pass the Request back to the handler to delegate to the next middleware, as the JWT has checked out 🎉
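The steps above as one middleware class. This is an added sketch, not the code from the course branch. It assumes PHP 8, firebase/php-jwt v6 (the `Key` class), PSR-15 middleware with a PSR-17 response factory, and an HS256 shared secret; the `jwt.claims` attribute name and the `reject()` helper are hypothetical.

```php
<?php
declare(strict_types=1);

use Firebase\JWT\{ExpiredException, JWT, Key};
use Psr\Http\Message\{ResponseFactoryInterface, ResponseInterface, ServerRequestInterface};
use Psr\Http\Server\{MiddlewareInterface, RequestHandlerInterface};

final class JwtAuthenticate implements MiddlewareInterface
{
    public function __construct(
        private ResponseFactoryInterface $responses, // assumption: PSR-17 factory
        private string $secret,                      // assumption: HS256 shared secret
    ) {
    }

    public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
    {
        $header = $request->getHeaderLine('Authorization');
        if ($header === '') {
            return $this->reject('Missing Authorization header');
        }
        // Isolate the token: require the "Bearer" scheme and keep only what follows it.
        if (preg_match('/^Bearer\s+(\S+)$/i', $header, $m) !== 1) {
            return $this->reject('Malformed Authorization header');
        }
        try {
            // decode() verifies the signature. Key pins the algorithm server-side,
            // so the token's own "alg" header cannot choose it.
            $claims = JWT::decode($m[1], new Key($this->secret, 'HS256'));
        } catch (ExpiredException) {
            return $this->reject('Token expired');
        } catch (\UnexpectedValueException | \DomainException) {
            // Catch-all. decode() also documents DomainException for a malformed
            // JWT, and that class does not extend UnexpectedValueException.
            return $this->reject('Invalid token');
        }
        // Token checked out: expose the claims and delegate to the next middleware.
        return $handler->handle($request->withAttribute('jwt.claims', $claims));
    }

    private function reject(string $reason): ResponseInterface
    {
        $response = $this->responses->createResponse(401)->withHeader('WWW-Authenticate', 'Bearer');
        $response->getBody()->write(json_encode(['error' => $reason], JSON_THROW_ON_ERROR));
        return $response;
    }
}
```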

Branch: https://github.com/GaryClarke/pest-tdd/tree/83-jwt-auth-middleware
