Related to #18 We currently use an internal implementation of OAuth. This is focused on authN; guessing that authZ isn't a concern but maybe that is incorrect.
