mezzio-authentication return a DefaultUser immutable for security reasons. I use it with mezzio-authentication-oauth2 and oauth2 do not use the roles attribute (UserInterface) but i need it to use mezzio-authorization-rbac or mezzio-authorization-acl to protect my api routes.
Because DefaultUser is immutable i cannot create my own middleware to alter the current psr-7 DefaultUser (db request to find the role of the identity and fill the roles attribute) just after Authentication\AuthenticationMiddleware::class in my route.
I’m stuck on it… How can i proceed in my case?
Thanks in advance!