Just to add also experienced the same issue highlighted here
Scopes vs Permissions confusion where in the scopes added into the api are added in permissions and not in the scopes attribute
{
“iss”: “https://dev-ab54g1pc.auth0.com/”,
“sub”: “google-oauth2|109487646265427827841”,
“aud”: [
“https://localhost:7071/v1/members”,
“https://dev-ab54g1pc.auth0.com/userinfo”
],
“iat”: 1599543150,
“exp”: 1599629550,
“azp”: “2LnQOpLSecBbDM3sEGGt5QaSvEGwwep6”,
“scope”: “openid profile email”,
“permissions”: [
“read:messages”,
“test:members”
]
}