i'm specifically looking at using this in ASP.NET Core, and Microsoft already provides a modular authentication & authorization framework. it's looking fairly straightforward-- i simply need to implement a few, required abstractions. it looks like the bulk of my work is reverse engineering things like the above so that i can map it into the existing framework.