I am adding OAuth 2.0 to an existing API which currently is self governing i.e. it issues its own access tokens including custom claims.
There are several miroservice
