I have a fairly sophisticated role/permission-based authorization system in my web application. I use oidc with PKCE against Identity Server 4 for authentication, but all pe
