I have to implement role-based Authorization for web APIs, we decided to have an authorization server that stores roles and permission set on all resources, also it provides
