The current method of identifying authentication details in the currentUser variable makes it difficult to identify which is the current authenticating provider: if a user has authenticated against one workspace and then moves to an app in another workspace, that user isn't necessarily reauthenticated using the new workspace's auth provider. That means that an app that's created expecting a particular currentUser auth attribute may not be able to access that attribute, because the user didn't authenticate using that app's auth provider.

We propose adding another attribute to the currentUser global variable, called something like "currentAuth", which is a copy of the details for the active authentication session. Using this, an app developer could reference currentUser.currentAuth.extra.mail (for instance), and be able to know this would be populated regardless of which workspace the user authenticated with in their session.