How to connect authentication system with permissions?

DF does not support custom OAuth authentication other than a number of predefined providers.

So what is the recommended approach for authenticating end users (not DF users) and give them permissions over different endpoints?

If I’m not mistaken permissions are role based. So how would we connect those DF roles with our user roles?