The only middleware that's truly required is the LoadClientStateMiddleware, and that's because it
enables session and cookie handling for Authboss. Without that, it's not a very useful piece of
software.
The remaining middlewares are either the implementation of an entire module (like expire), or a key part of a module. For example you probably wouldn't want to use the lock module without the middleware that would stop a locked user from using an authenticated resource, because then locking wouldn't be useful unless of course you had your own way of dealing with locking, which is why it's only recommended, and not required. Typically you will use the middlewares if you use the module.
| Name | Requirement | Description |
|---|---|---|
| Middleware | Recommended | Prevents unauthenticated users from accessing routes. |
| LoadClientStateMiddleware | Required | Enables cookie and session handling |
| ModuleListMiddleware | Optional | Inserts a loaded module list into the view data |
| confirm.Middleware | Recommended with confirm | Ensures users are confirmed or rejects request |
| expire.Middleware | Required with expire | Expires user sessions after an inactive period |
| lock.Middleware | Recommended with lock | Rejects requests from locked users |
| remember.Middleware | Recommended with remember | Logs a user in from a remember cookie |