We need to validate token in one filter, the existing Kv2v2 filter, then call a filter to gather more tenants, then call Authorization to do an authZ check in a new filter. (tenant check, ep check, exclusions check - ignore roles)
Documentation exists to treat Kv2v2 filter as AuthN only.
Config exists to set tenanted to false
We will note deprecation so that in v9 of Repose, the AuthZ bits will be handled in a new AuthZ filter (the way it was a year or so ago).
We will log when someone's using the AuthZ portions? Warn on config update...
Behavior for non tenanted -