Our frontend application handles user logins and receives an AccessToken. We plan to use this AccessToken across multiple APIs in our ecosystem, and we want it to include the user’s permissions for each API they might access.
I created an API in the Auth0 Dashboard, enabled “Enable RBAC,” and activated “Add Permissions in the Access Token.” Based on the RBAC Settings descriptions, I assumed this would be sufficient to add permissions to the AccessToken upon user login. However, this did not reflect in the token. I can only see “roles” that I added to a namespace using an Auth0 Action but I cannot find permissions in the “session.user” object.