Replace optional JWT verifier with explicit modes

Table of Contents

This page is a capture in the deferred bucket of the product backlog — a pre-sprint idea, not yet pulled into a sprint as a story.

What

(One paragraph: the idea.)

Why

(Motivation, problem being solved, related context.)

References

See also

The JWT verifier is currently std::optional<jwt_authenticator>. The optional pattern is opaque — callers cannot tell whether the service is running in "no auth" mode deliberately or due to a configuration error.

Replace with an explicit mode enum: 

enum class auth_mode { allow_all, strict };

In allow_all mode the verifier is skipped entirely; in strict mode a valid JWT is required. Configuration reads the mode from the environment / config file and constructs the handler accordingly. This makes the intent explicit and allows unit tests to set the mode directly rather than passing std::nullopt.

Emacs 29.1 (Org mode 9.6.6)