I ended up executing code that looked like this in TDSAuthenticationManager.OnUserAuthorize
if valid = false then
begin
GetInvocationMetadata.ResponseCode := 403;
GetInvocationMetadata.ResponseMessage := JSONResponseObject.ToString;
GetInvocationMetadata.ResponseContent := JSONResponseOjbect.ToString;
end