When using custom authentication service paths, express+rest doesn't parse authorization header by default #1415

@nborko

For 4.0.0 (crow):

I have a case where I'm using express and rest services only. I have multiple authentication service paths (though you only need to set up any one custom service path) with their own configuration keys, and therefore no default authentication service. For example,

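const feathers = require('@feathersjs/feathers')
const express = require('@feathersjs/express')
const configuration = require('@feathersjs/configuration')
const { AuthenticationService, JWTStrategy } = require('@feathersjs/authentication')
const { LocalStrategy } = require('@feathersjs/authentication-local')

const app = express(feathers())
    .configure(configuration())
    .use(express.json({limit: '1mb'}))
    .use(express.urlencoded({ extended: true }))
    .configure(express.rest())

// Authentication service with its own configuration key, mounted on a custom path
const authService = new AuthenticationService(app, 'custom')
authService.register('jwt', new JWTStrategy())
authService.register('local', new LocalStrategy())
app.use('/custom/authentication', authService)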

(also all my services under this authentication service are subpaths of /custom)

Anything using the authenticate hook, e.g.

authenticate({ service: 'custom/authentication', strategies: ['jwt'] })

gets a 401, because at no point does the Authorization header get parsed.

After tracing the source, I resolved this by adding the following line:

app.use('/custom', express.parseAuthentication({ service: 'custom/authentication' }))

Since custom service points and configurations are prominently highlighted in the documentation, at the very least this needs to be documented, since it's a pretty huge gotcha (and took me hours to track down). It would be even better to take care of this when app.use is called to add the authentication service, but that would probably require extra configuration information.
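The failure mode reported above, reduced to a dependency-free model (an added example, not part of the original issue and not Feathers code): a path-scoped header parser must cover the request path, otherwise the authenticate check fails closed with 401. The helper names `parseAuthHeader`, `createApp`, `authenticateHook` and `statusFor`, the `/custom/messages` path and the token are assumptions made for illustration.

```javascript
// Simplified model of the request flow; not Feathers source. All function
// names here are hypothetical.

// Stand-in for a header-parsing middleware bound to one authentication
// service: turns "Authorization: Bearer <token>" into req.authentication.
function parseAuthHeader(service) {
  return (req) => {
    const match = /^Bearer\s+(\S+)$/i.exec(req.headers.authorization || '');
    if (match) {
      req.authentication = { service, strategy: 'jwt', accessToken: match[1] };
    }
  };
}

// Path-scoped mounting, as with app.use('/custom', middleware).
function createApp() {
  const mounts = [];
  return {
    use(prefix, fn) { mounts.push({ prefix, fn }); return this; },
    handle(req, hook) {
      for (const { prefix, fn } of mounts) {
        if (req.path === prefix || req.path.startsWith(prefix + '/')) fn(req);
      }
      return hook(req);
    }
  };
}

// Stand-in for the authenticate hook: fails closed with 401 when no
// middleware populated req.authentication. Token verification is out of scope.
function authenticateHook(req) {
  return req.authentication && req.authentication.accessToken ? 200 : 401;
}

// Constructed request with a placeholder token (not a real JWT).
function statusFor(configure, authorization = 'Bearer PLACEHOLDER.TOKEN') {
  const app = createApp();
  configure(app);
  const req = { path: '/custom/messages', headers: { authorization } };
  return app.handle(req, authenticateHook);
}

const parser = parseAuthHeader('custom/authentication');
const results = {
  noParser: statusFor(() => {}),                               // the reported 401
  wrongPrefix: statusFor((app) => app.use('/other', parser)),  // still 401
  mounted: statusFor((app) => app.use('/custom', parser)),     // header parsed
  malformed: statusFor((app) => app.use('/custom', parser), 'Bearer')
};
console.log(results);
```

The same four cases make a useful regression test for a real app: request a protected service under each custom prefix with a valid token and assert that the response is not 401.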
