We need to be able to expose different information in a SC call depending on the authorisation of a user. I don’t just mean the authorisation level once a user is logged in, but also we need to know if the user is not authenticated at all. This way we can return targeted information depending on the user authorisation - an unauthorised used might get a reduced data set, while a logged in user may see additional information specific to them, or even a completely different data set.
Currently the security system in SC immediately returns the 401 if the user is not authenticated - it would really be useful if the flow was able to handle this itself. I saw another post some time back from @patrick saying they could introduce a flag to support this sort of logic rather than just returning 401, but I don’t think this has been added?
Can someone suggest how to work around this while maintaining security? I guess we could just use session variables, but I would prefer to retain the security enforcer.