I now have two disconnected types of users:
HTTP Basic authenticated users, whose credentials, roles and authorities I manage. Their roles/authorities are appropriate for my application.
OAuth2 authenticated users, whose credentials, roles and authorities are out of my control. Their roles/authorities are unrelated (and irrelevant) for my application.
How can I solve it?