richardschneider / yappy

Yet another REST API server howling at the moon with JSON
MIT License

Trusted authn services #137

Closed richardschneider closed 8 years ago

richardschneider commented 8 years ago

Allow an authentication service #129 to also return authorization #83 information (user.roles and user.permissions).

Some authentication services can be trusted to also return authz info for a user, such as Stormpath. Social authn services such as Google or Facebook should not be trusted for authz info.

Add trusted_for_authorization to an authentication service's options. If true, then user roles and permissions are accepted from it.
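
The gating rule described in this issue, as an added example that is not part of the issue or of yappy's code base: roles and permissions from an authentication result are kept only when the service's options set `trusted_for_authorization` to exactly `true`. The function names, the `service.options` shape and the sample profile are assumptions.

```javascript
// Added example, not yappy's code. Only `trusted_for_authorization`,
// `user.roles` and `user.permissions` come from the issue; all other
// names and the sample data below are hypothetical.

// Keep only non-empty strings, de-duplicated; anything else the
// provider sent (numbers, objects, a bare string) is dropped.
function cleanList(value) {
  if (!Array.isArray(value)) return [];
  return [...new Set(value.filter(v => typeof v === 'string' && v.length > 0))];
}

// Build the local user from an authentication result.
// `service.options` holds the service's configured options;
// `profile` is what the authentication service returned.
function userFromAuthn(service, profile) {
  const user = { id: String(profile.id), name: profile.name, roles: [], permissions: [] };
  // Strict comparison: a missing option, the string "false" or the
  // number 1 must not turn trust on. The default is untrusted.
  const trusted = !!service.options &&
    service.options.trusted_for_authorization === true;
  if (trusted) {
    user.roles = cleanList(profile.roles);
    user.permissions = cleanList(profile.permissions);
  }
  return user;
}

// Constructed sample configuration and profile.
const services = {
  stormpath: { options: { trusted_for_authorization: true } },
  google: { options: {} },
  misconfigured: { options: { trusted_for_authorization: 'false' } }
};
const profile = {
  id: 42,
  name: 'alice',
  roles: ['admin', 'admin', 7],
  permissions: ['api:write']
};

for (const [name, service] of Object.entries(services)) {
  console.log(name, JSON.stringify(userFromAuthn(service, profile)));
}
```

The same profile yields `roles: ["admin"]` only for the trusted service; the other two services get empty role and permission lists even though the provider supplied them.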