Extend existing Authentication methods to provide Authorization features

Is your feature request related to a problem? Please describe. Currently the authorization methods withAuthUserTokenSSR and withAuthUserSSR allow us to validate if a request for page is Authenticated or not. We require that users are not only Authenticated but that the user also has the Custom Claim admin.

Describe the solution you’d like and how you’d implement it The existing withAuthUserTokenSSR and withAuthUserSSR methods will be extended to take 2 optional additional parameters; which will be used to verify if the Authenticated users is Authorized to access the page; and if not redirect them to an appropriate access denied page (provided by the developer).

• whenAuthed?: AuthAction.RENDER | AuthAction.REDIRECT_TO_APP
• whenUnauthed?: AuthAction.RENDER | AuthAction.REDIRECT_TO_LOGIN
• appPageURL?: PageURL
• authPageURL?: PageURL
• validator? (user: AuthUser) => boolean
• accessDeniedPageURL?: PageUrl

The existing method will be extended to accept the 2 emboldened new parameters (validator and accessDeniedPageURL). The method will then, once we have verified the authUser with existing code, run the validator function (if it is provided). If the validator function returns false we should then redirect the users to the accessDeniedPageURL.

Is this a breaking change? No, the additional options would be optional and so an opt in approach to upgrading the interface.

Describe alternatives you’ve considered The alternative we are currentyl using is handling this in our own code. While this is okay, it would be (I think) a feature that would be nice to push up to the framework.