Once or twice per month we send a subset of our user spam information about third party products. As this is a German project, data protection laws are very strict (long before GDPR), and we made very sure to only spam inform users who opted in.

But during all the GDPR related discussions, management decided that we need to fine-tune our terms and allow users to disagree on being spammed informed about third party products, while still keeping their account to use the core services. Fair enough!

But there was a small implementation detail: We have one central OAuth2 server that also manages the so-called term-agreements (i.e. which user agreed to which terms during a given time frame). We have a different, slightly legacy system to manage newsletters and send them to users. So we now need to sync the detailed term-agreement info from the Auth system to the Newsletter system.