This includes but is not limited to: - Not hard-coding the Authorization Server - Not hard-coding the claims - Use a cache for the JSON Web Key Sets
