Bear with me while I try to understand your use case further.
From a server-side perspective, how would the user’s name be the logged-in user’s name? You could have ten, or a hundred, or a thousand users logged in at any given time.
Plus, each client device knows what his own user’s name is: it’s available to him at rest/user/profile
and it’s returned to him in the response to his login POST /rest/user/session
, so the client could provide his own user name along with any API call at any time.
If you’re simply concerned about table-level or row-level data security, I recommend checking out some of the below links. I assume you’ve read them already, I just need to know how/why they don’t fit your use case.