I'm working on an JSON/HTTP backend that uses cookie/access token based authentication, modelled after https://haskell-servant.readthedocs.io/en/stable/tutorial/Authentication.html#generalized-authentication
Now I would like to add role based authorization to the mix. The User datatype that I use in my AuthHandler has a role attribute.
As far as I understand it, the user object is added to the context when the