Is there any way to get metadata about who (authid) published a given message or called an RPC? After I have users authenticate and authorize them for a given role (e.g. allowing them to publish to mychat) how can I prevent clients from spoofing each other's names? Subscribers/callees are just passed the arguments that the pub/caller passed; I don't see how to get session data.
A workaround might be to use dynamic authorization, where each client is only authorized to publish to mychat.<userid>, but that seems icky. Can I just get the session dictionary for normal subs/calls like the dynamic authorization call gets?