Thanks for responding @dan.woda . I’ve seen it in many places in the documentation and several community forum topics. Here’s the one i could find again the quickest:
and the auth0 client sdk doesn’t expose any way to read things from the access token, like it does for the id token.
Yes, I am planning on checking the user permission to hide/disable features the user doesn’t have permission to access (the API will deny those requests).