I am trying to secure an Amazon HTTP Gateway using Auth0 and correct me if I’m wrong but the current implementation of the permission claim in Auth0 to users through any API is not supported.
AWS’ documentation indicates that it will validate the following claims:
kid– The token must have a header claim that matches the key in the
jwks_urithat signed the token.
iss– Must match the
issuerthat is configured for the authorizer.
aud– Must match one of the
audienceentries that is configured for the authorizer.
exp– Must be after the current time in UTC.
nbf– Must be before the current time in UTC.
scp– The token must include at least one of the scopes in the route’s
It doesn’t say anything about a permissions claim. When I create a new scope for an API and assign it to a user, it comes in the JWT inside a permissions claim. Does this mean this is not compatible with AWS API Gateway for integration off the bat?