Hi @lily.wisecarver, I have customized the solution a little bit so the application doesn’t have to deal with roles and instead only handles scopes. So I actually populate the scopes in the claims when generating the token. To fetch the scopes, I query the Auth0 management API using an application credentials for scopes assigned to a role.
This would have been easier if the token in the role can access more management APIs than what it currently can access so I dont have to generate the token to call the management APIs.