Apply policy to pre-authenticated user

Hi,

Thanks for the docs feedback - we’re very aware of the hole in the documentation for plugins and are actively working on adding more examples.

The problem you have here is that you want to apply rate limits across JWTs for the same user. That is exactly what the JWT and OpenID middleware does (it applies policy and rate limit data to the subject, i.e. the underlying user).

If you are worried about the overhead of the JWT validation, I really wouldn’t, especially considering the overhead that would be added by custom middleware.

The custom auth middleware for rich plugins and Otto work the same way, as do policies, so that just may be a misunderstanding.

I would suggest just going with the provided functionality.
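
Added example, not part of the reply above and not Tyk's code: a minimal sketch of keying a rate limit on the verified JWT subject, so that several tokens issued to one user draw from a single quota. The names `make_token`, `verified_subject` and `SubjectRateLimiter`, the HS256 secret and the fixed-window scheme are all assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"  # constructed sample key, not a real credential

def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_token(sub, jti):
    """Build a constructed HS256 token for the demo."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps({"sub": sub, "jti": jti}).encode())
    sig = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"

def verified_subject(token):
    """Verify the HS256 signature first, then return the sub claim."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":  # pin the algorithm, rejects "none"
        raise ValueError("unexpected alg")
    signed = f"{header_b64}.{payload_b64}".encode()
    expected = hmac.new(SECRET, signed, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    return json.loads(_b64url_decode(payload_b64))["sub"]

class SubjectRateLimiter:
    """Fixed-window limiter whose bucket key is the subject, not the token."""
    def __init__(self, rate, per):
        self.rate, self.per, self.windows = rate, per, {}

    def allow(self, token, now=None):
        now = time.monotonic() if now is None else now
        sub = verified_subject(token)  # unverified tokens never reach a bucket
        start, count = self.windows.get(sub, (now, 0))
        if now - start >= self.per:  # window expired, start a new one
            start, count = now, 0
        if count >= self.rate:
            return False
        self.windows[sub] = (start, count + 1)
        return True
```

Because the bucket is looked up only after the signature check, a forged token cannot consume or reset another user's quota.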