Found the solution myself:
I used the query.promp to check if this is a silent auth then apply my logic and pass the additional parameter via checkSession method to handle my rules inside the action:
if (event.request.query.prompt === 'none') {
const currentOrgId = Number(event.request.query?.additional__parameters?.org_id) || 0
const currentStage = event.request.query?.additional__parameters?.stage === 'dev' ? 'test' : event.request.query?.additional__parameters?.stage;
...