Hi! Has anyone ever done role <-> permissions/authority mapping when using an opaqueToken? I am having this securityWebFilter

`fun springSecurityFilterChain(http: ServerHttpSecurity): SecurityWebFilterChain? =
        http.csrf().disable().authorizeExchange()
            .anyExchange().permitAll()
            .and()
            .oauth2Client()
            .and()
            .oauth2ResourceServer { it.opaqueToken(withDefaults()) }
            .build()

and my Principal gets populated with the fields from the token as a BearerTokenAuthentication (I'm guessing this happens within the oauth2ResourceServer-block?) I'd like to add a layer where I can map the given role to some permissions specifically for my back end service. How should one go about this? I've tried implementing an AuthoritiesExtractor and PrincipalExtractor and exposed them as @Components but they never seem to be called (I am using webflux with spring 2.2.6.RELEASE) I guess I could do a roleToPermissionService and call that immediately from the controller but it feels a bit non-springy

there is a spring gitter in channel's topic