So far, LB4 does not provide any built-in solution for authorizing incoming requests (see #538). In this spike, we should investigate how LB4 app developers can implement and configure their own authorization scheme and verify that LB4 design is flexible enough to support them. > The idea is to build a new authorization component to validate if our extensibility story is good enough - #1205. Basically, instead of shooting in dark, using the authorization use case as the driver for the spike. ## Acceptance Criteria - use authorization component to hash out how our extensibility feature is going to be further devleoped See also #1034 and #1035