Question about Middleware Execution Order

I just discovered this new interesting documentation about middleware execution order
cf //

I noticed that there is a differentiation between custom post auth middlewares and custom post middlewares.
Whereas I can not find this differentiation in Middleware Scripting Guide section where we talk about only “pre” and “post” middlewares.

Can anybody explain how can I create a custom post auth middleware ?

Thanks !

Hi, the post-auth middleware gets executed immediately after the authentication, the post middleware is executed after additional middleware like key expiry check, access rights, check, etc. Both get executed before sending the request to upstream.
To create a post-auth middleware use post_key_auth (instead of pre or post) when creating your plugin bundle or defining your custom middleware block, see this plugin bundle manifest contents:

  "custom_middleware": {
    "post_key_auth": [
        "name": "TestHook"
    "driver": "python"

Are you planning to create a JS middleware?

Hello @matiasb and thanks for your reply.
I understand better how to add a custom post auth middleware.
My last question is: is it possible to implement this kind of middleware with JS like the pre and post middlewares?

JS doesn’t support the post-key auth hook at this moment, it’s only available for rich plugins (Python or any gRPC based plugin).