So you want to do custom RPC authentication? RPC is the primary and soon to be only way to tell a node what to do, as we're splitting the HTTP REST server out into a separate process that communicates with the node via RPC. The RPC authentication/authorization system already allows you to restrict what flows a user can start, so, I think there should not be any need to look up user credentials from within a flow.
RPC auth is handled by a regular JAAS module. You can find our simple config-file driven implementation in the file
ArtemisMessagingServer.kt, it is called
It works by delegating to an implementation of
For now you could patch the Corda source to use your own implementation. This is probably a better way to go than trying to do it in your own custom flows.
Support for better user authentication schemes is on our roadmap. If it'd unblock you and help you move faster, we can talk about the Corda team prioritising authentication upgrades to allow the use of LDAP, Active Directory and JDBC.