Is it possible to authenticate against a client role? We use IdentityServer3 and want to have some type of role based throttling.

We could go by id_token but there will be millions of tokens, and I dont think calling a refresh and rebuild the clients portion would be correct.

Thanks,