Passing information from authenticate to post-auth (was: Why Authorization before Authentication)