I’d like to authorize based on roles that are not defined in my crossbar config file. If my dynamic authorization method returns a role, I get:
Internal error (2): role auto-activation (role ‘test_role’) not yet implemented
It appears that crossbar requires roles to be predefined in the configuration.
Instead, I’m wondering if there’s a way to store information in the session, such that it is persisted between requests, but not exposed (or editable) by the client. Then I could load the roles & abilities into the session object, and refer to that in my dynamic authorization method.
Any other suggestions?