I would like to use middleware to handle authorisation functions for my applications (e.g. checking whether a particular user holds a certain role and is therefore authorised to use an API), but have no way of passing internal API-specific data to it, such as what roles are allowed to access it. I don't want any input parameter to be used, since as an authorisation use case, such values obviously MUST NOT be available to the user.
Currently, I use a custom function that achieves this goal but I would prefer to use middleware, as it can be enforced "globally" if I so desire, reducing the risk of the custom function being missed.
So in effect, I would like to see the ability to add an input for the middleware that accepts non-dynamic inputs, ideally a few base options such as enum, text or integers - both single and arrays. If this existed, I would set the parameter on the middleware per-API with an array of authorised roles for accessing that API, and let the middleware handle all the authorisation checks.