Decide whether a request bearing authHeader is authorized under cfg, returning the failure kind (AuthFailure.none on success) and, on success, the validated TokenInfo. Pure of HTTP concerns so it can be unit-tested and reused by any transport.
Decide whether a request bearing authHeader is authorized under cfg, returning the failure kind (AuthFailure.none on success) and, on success, the validated TokenInfo. Pure of HTTP concerns so it can be unit-tested and reused by any transport.