We did something similar for one of our use cases, but we did not want the identity name passed in the URI to be the same as the actual user that should be used, for security reasons. We also took into consideration the fact that there could be multiple times the same username for different routes, but with different passwords (i.e. apiuser). So we did the following:
1. Parse the identifier from the URI as you did
2. Use a Map Value assertion to map that identifier to a semi-colon-delimited value consisting of:
a) A prefix string
b) The actual username to use in the route
c) The URL to route to for that identifier
3. Split the result of the mapped value into its 3 parts (${prefix}, ${username}, ${route_url}
4. Lookup the password in the stored password using the ${prefix}_${username} syntax.
5. Route to the ${route_url} using ${username} and password resolved in step 4.
Of course, for added security, we catch each step that could fail and return the appropriate HTTP response accordingly then Raise Error. (i.e. 401 for password not found in store, or missing map in Map Value, 404 for invalid identifier in URI, etc...)
That allows for a completely dynamic routing with dynamic basic auth.