There are certainly some possibilities here. Already you could send auth tokens to the collector as a context and validate them with the JS Enrichment or the API Enrichment - this would be powerful for authenticated users, you could simply pass the auth token and enrich the event with user data based on the auth token as well as further authenticating the event for logged in users. I proposed something similar with the reCaptcha v3 enrichment RFC, where is calls the reCaptcha API to validate the data attached to each event.