Question about processing multiple authorization sources