question on row level security

The new row level security feature in 9.5 looks great.
I guess its designed around the need to restrict access based on the 
current database user (current_user) where this maps to a database user.
But most applications now access the database using an application user 
and manages data for the applications multiple users (probably with each 
user being a row in a USERS table somewhere).
Is there any way to "inject" the application user so that this can be 
used in a RLS check?
e.g. conceptually:

set app_user 'john';
select * from foo;

where the select * is restricted by a RLS check that includes 'john' as 
the app_user.
Of course custom SQL could be generated for this, but it would be safer 
if it could be handled using RLS.

Any ways to do this?

Tim