API RBAC, Auth0 Actions, RWA

I found some resources that describe adding Roles and Permissions using Auth0 actions and customizing the scope of jwtAuthz, which I wonder if I can use as a solution to secure an API endpoint, but I haven’t had a chance to test this yet. I came across this stuff when attempting to figure out how to get an API access token with roles/permissions for a user with an Auth0 Regular Web Application.

Hi @milotis,

Thanks for reaching out to the Auth0 Community!

Yes, please see this FAQ on how to accomplish RBAC for your application.

Please let me know if you have any questions.

Thank you.