I recently added bonding and authentication to my application. I have two characteristics with CCCDs and they are both broken. One characteristic is "protected" (requires authorization) and the other is not.
} else if (req->type == BLE_GATTS_AUTHORIZE_TYPE_WRITE) {
NRF_LOG_INFO("Unhandled write. Allowing. writeHandle: %d writeOp: %d UUID:0x%x UUID_TYPE: %d", req->request.write.handle, req->request.write.op, req->request.write.uuid.uuid, req->request.write.uuid.type);
auth_reply.type = BLE_GATTS_AUTHORIZE_TYPE_WRITE;
auth_reply.params.write.gatt_status = BLE_GATT_STATUS_SUCCESS;
auth_reply.params.write.update = 1;
auth_reply.params.write.offset = req->request.write.offset;
auth_reply.params.write.len = req->request.write.len;
auth_reply.params.write.p_data = req->request.write.data;
APP_ERROR_CHECK(sd_ble_gatts_rw_authorize_reply(conn_handle, &auth_reply));
} if ( (p_evt_write->handle == p_service->rx_handles.cccd_handle)
&& (p_evt_write->len == 2))
{