diff --git a/pkg/apis/middleware/scope.go b/pkg/apis/middleware/scope.go
index 2d84f00e..4b0b6a77 100644
--- a/pkg/apis/middleware/scope.go
+++ b/pkg/apis/middleware/scope.go
@@ -17,6 +17,10 @@ const RequestScopeKey scopeKey = "request-scope"
 // The RequestScope is used to pass information between different middlewares
 // within the chain.
 type RequestScope struct {
+	// Authorization is used to indicate if the requset has been authorized
+	// by an authorizer earlier in the request chain.
+	Authorization Authorization
+
 	// ReverseProxy tracks whether OAuth2-Proxy is operating in reverse proxy
 	// mode and if request `X-Forwarded-*` headers should be trusted
 	ReverseProxy bool
@@ -43,6 +47,55 @@ type RequestScope struct {
 	Upstream string
 }
 
+// Authorization contains information about the Authorization of a particular
+// request.
+type Authorization struct {
+	// Type is the type of authorization.
+	// Valid values are: Request.
+	Type AuthorizationType
+
+	// Policy is the authorization policy to apply to this request
+	// given the authorization type.
+	// Valid values are Allow, Delegate, Deny or omitted.
+	// When omitted the caller should decide how to handle this.
+	Policy AuthorizationPolicy
+
+	// Message is a message set by the authorizer.
+	// This can contain any information about the authorization decision.
+	// It may contain success or failure indications.
+	Message string
+}
+
+// AuthorizationType is a type of authorization for the request.
+type AuthorizationType string
+
+const (
+	// RequestAuthorization indicates that the request was authorized
+	// based on the request based authorization. For example via an allowed route
+	// or allow IP combination.
+	RequestAuthorization AuthorizationType = "Request"
+)
+
+// AuthorizationPolicy is the policy to apply based on the authorization type.
+type AuthorizationPolicy string
+
+const (
+	// AllowPolicy indicates the request should be allowed.
+	AllowPolicy AuthorizationPolicy = "Allow"
+
+	// DelegatePolicy indicates the authorization should be delegated to a later
+	// authorizer.
+	DelegatePolicy AuthorizationPolicy = "Delegate"
+
+	// DenyPolicy indicates the request should be denied.
+	DenyPolicy AuthorizationPolicy = "Deny"
+
+	// OmittedPolicy is the default policy. This should not be set explicitly
+	// but can be used to determine that the authorization has not yet been
+	// completed.
+	OmittedPolicy AuthorizationPolicy = ""
+)
+
 // GetRequestScope returns the current request scope from the given request
 func GetRequestScope(req *http.Request) *RequestScope {
 	scope := req.Context().Value(RequestScopeKey)