Hi all, I'm a bit new to SpiceDB but I couldn't find an answer to this question in the docs. Does SpiceDB support check request-time relations? We are currently evaluating Zanzibar-based authorization services for our application and found this feature as part of OpenFGA:
https://openfga.dev/docs/modeling/token-claims-contextual-tuples
I know the pattern of basing auth decisions on tokens has downsides around revoking access, and is generally against the intentions of ReBAC-based authorization, but our application needs to integrate with 3rd-party identity providers, which communicate group membership as part of their tokens. I'm trying to understand if there's an easy way we could use SpiceDB in a similar way, so we can pass in group relations from the tokens present in our API requests.
Thanks for the help!