Extension: Add Authorization component #538
Description
Related to #512
- decoration at controller/method level may not be flexible enough
- URL-based rules as an alternative
- fine-grained access control on per-model-instance basis - ideally solved at Repository level
- local User/AccessToken auth scheme and models
- ACL/Role-based rules vs. scope-based rules
- JWT
- OAuth