Just out of curiousity, if we needed to implement a different auth paradigm from RBAC (ABAC, for example), would it be possible to plug our own Auth api into Auth0? I was thinking about creating custom rules that include an API call. Is that a common design strategy? Anything else you would recommend?