Hi,

- I do not understand the need for the static entity, which makes a bit hard to adjust.

- common pattern is 2legged oAuth2 for app2app business, this is not easy to conjure.

- the demo is a mess regarding references, which results in again hard to untangle what is what.