Nice stuff @bajcmartinez ! Thank you for sharing it … quick question, is there a way to obtain the permissions related to the user? In our case, we would like to know that if together with the verification of the token, we could also verify if the user has permissions to access a certain endpoint, such as read:appointments 
Not sure if the permissions / scope is part of the payload of the JWT in this example …
Imagine being able to have a decorator, such as
@protected(required_permissions=[“read:appointments”])
def get() → List[Appointments]: …