Dashboard SSO support: CF authZ (service instance permission)

[gberche-orange]

• As a spring-cloud-open-service-broker user
• in order to expose additional dashboard endpoints restricted to CF users having access to the service instance
• I need some support to check user permission as documented in dashboard-sso.html#checking-user-permissions

The Oauth based authN flow is pretty well documented when the dashboard urls are fronted by spring-cloud-gateway, see 2019 blog securing-services-with-spring-cloud-gateway

The authZ using the CF GET /v2/service_instances/:guid/permissions endpoint seems less documented. Custom spring security authZ using blocking servlet API is documented at spring-security#authz-custom-voter, 2009 blog spring-security-customization-part-2-adjusting-secured-session-in-real-time, as well as baeldung.com/spring-security-custom-voter however the reactive counter part is harder to find, boot-features-security-webflux seems a good entry point.

Would the spring cloud community have code snippets or pointers available to share to support this use-case ?

If not, I'll keep on iterating with my prototyping and would be keen on contributing this to the spring-cloud-open-service-broker documentation of this can be useful to the community.