We currently have hundreds of users actively using our application. For roles, we simply include a “roles” property in the metadata and decode it in the services. We’re moving towards a modern, OAuth2 compliant architecture using scopes and would like to use the Authorization Extension to ease the management of the users and permissions.
When I add the Authorization Extension to our current tenant, is there any danger to our current setup? Does it modify the metadata of users? Will the additional rule cause complications? Or is this an all-or-nothing addition that will require some downtime to implement?