Thanks for your response. Still no progress. Extremely frustrating. I didn't find any issues re. your recommendations.

I have checked that `KINDE_DOMAIN_COOKIE=.mydomain.com` is set on the nextjs server. Client uses nodejs (typescript client). I also double-checked the docs and went back to separate Kinde apps for each so it complies with how subdomains are set up.

Here are server logs from withAuth in Kinde debug mode:-

```
getAccessToken: invalid token or token is missing (are you logged in?)
getIdToken: invalid token or token is missing (are you logged in?)
authMiddleware: no access or id token, redirecting to login
```

I then removed the matcher from the middleware so the request was forwarded to the route. I logged the headers and also verified the token against the Kinde issuer /.well-known/jwks.json endpoint. This is how I confirmed that it was a valid token included in the headers. I'm not at a total loss on how to proceed.

To answer your questions:-

1) Middleware:

```
import { withAuth } from "@kinde-oss/kinde-auth-nextjs/middleware";
import { NextRequest, NextResponse } from "next/server";
import { verifyToken } from "./utils";

export default withAuth(
  async function middleware(request: NextRequest) {
    console.log("Middleware function called");
    console.log("Request URL:", request.url);

    // Convert Headers to a plain object for logging
    const headersObj = Object.fromEntries(request.headers.entries());
    console.log("Request headers:", headersObj);
  },
  {
    // postLoginRedirect: "/api/auth/login-callback",
    isReturnToCurrentPage: true,
    loginPage: "/login",
    isAuthorized: ({ token }: { token: any }) => {
      console.log("isAuthorized token:", token);
      return true; // token.feature_flags?.morezeroapplication?.v
    }
  }
);

export const config = {
  matcher: [
    '/api/v1/:path*',
  ],
}
```

2) I'm using typescript and the module compiles, i.e. no naming problems with handleAuth.

3) Using custom logic to process the token is not feasible since this is part of a monorepo and I'm using a shared library that calls getKindeServerSession to get the token. The shared library is used by multiple other apps.

4) I have logged the auth header when sent from the client and captured it when received by the api-server. I used ChatGPT to compare results and it said the header is identical except one used a capitalised "A" for "Authorization", which is irrelevant.

5) @kinde-oss/kinde-auth-nextjs version = 2.8.0 - a recent download

Thanks,
Dave
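
The check described in the post above (reading the bearer token from the request headers regardless of header-name case, then verifying it against the issuer's JWKS), as an added example that is not part of the original post and is not Kinde's code. The function names, the issuer URL `https://issuer.example` and the `demo-key` key ID are assumptions; a constructed in-memory JWKS stands in for the `/.well-known/jwks.json` response so the block runs offline.

```typescript
import * as crypto from "node:crypto";

type Jwk = crypto.JsonWebKey & { kid?: string };

// HTTP header names are case-insensitive: "authorization" and "Authorization" are the same header.
function bearerToken(headers: Record<string, string>): string | null {
  for (const [name, value] of Object.entries(headers)) {
    if (name.toLowerCase() !== "authorization") continue;
    const m = /^Bearer\s+(\S+)$/i.exec(value.trim());
    return m ? (m[1] ?? null) : null;
  }
  return null;
}

// Verify an RS256 JWT against a JWKS document; throws on any failure, returns the claims otherwise.
function verifyJwt(token: string, jwks: { keys: Jwk[] }, issuer: string, nowSec: number): Record<string, unknown> {
  const [h, p, s, ...rest] = token.split(".");
  if (!h || !p || !s || rest.length) throw new Error("malformed token");
  const header = JSON.parse(Buffer.from(h, "base64url").toString("utf8"));
  if (header.alg !== "RS256") throw new Error("unexpected alg"); // pin the algorithm, never let the token choose
  const jwk = jwks.keys.find((k) => k.kid === header.kid);
  if (!jwk) throw new Error("unknown kid");
  const key = crypto.createPublicKey({ key: jwk, format: "jwk" });
  const ok = crypto.createVerify("RSA-SHA256").update(`${h}.${p}`).verify(key, s, "base64url");
  if (!ok) throw new Error("bad signature");
  const claims = JSON.parse(Buffer.from(p, "base64url").toString("utf8"));
  if (claims.iss !== issuer) throw new Error("wrong issuer");
  if (typeof claims.exp !== "number" || claims.exp <= nowSec) throw new Error("expired");
  return claims;
}

// Constructed fixture: a throwaway RSA key pair plays the issuer, so no real JWKS endpoint is contacted.
function makeFixture(issuer: string, exp: number): { jwks: { keys: Jwk[] }; token: string } {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
  const jwks = { keys: [{ ...publicKey.export({ format: "jwk" }), kid: "demo-key" } as Jwk] };
  const enc = (o: object): string => Buffer.from(JSON.stringify(o), "utf8").toString("base64url");
  const body = `${enc({ alg: "RS256", typ: "JWT", kid: "demo-key" })}.${enc({ iss: issuer, sub: "user_1", exp })}`;
  const sig = crypto.createSign("RSA-SHA256").update(body).sign(privateKey, "base64url");
  return { jwks, token: `${body}.${sig}` };
}

// Constructed request headers carrying the sample token.
const demo = makeFixture("https://issuer.example", 2_000_000_000);
const presented = bearerToken({ Authorization: `Bearer ${demo.token}` }) ?? "";
console.log(verifyJwt(presented, demo.jwks, "https://issuer.example", 1_700_000_000));
```

A token that passes this check is validly signed and unexpired; whether a given middleware looks for it in the `Authorization` header at all is a separate question that this check does not answer.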