Outstanding article! I now have my API fully secured with a wide array of scopes and permissions.
I will say that I had to combine info from this article with info from the quickstart in the tutorial. And then to test it out, I used a machine-to-machine api token with all the scopes turned on.
Just wanted to say thanks for the instructions, and thanks for Auth0 itself.