I was actually thinking about OIDC and even tho it's a layer on top of OAuth 2.0 it doesn't mean I need to use their "scope" as authorization, instead just use it to identify the user and use the subject against SpiceDB