Hi, My API has a large number of fine-grained permissions. Based on the Permissions, Privileges, and Scopes blog post and other references I understand that I do not want to include the entire list of permissions in the scope. Ideally I would like to have coarse-grained “roles” - reader, writer, …

Hey @darrenk ! Generally speaking, regarding API authorization, the Auth0 Identity Provider will issue a JWT access token containing the scope claim. The scope claim content is the intersection of: -scopes requested by the client application with the /authorize request by specifying the scope quer…

darrenk May 6, 2024, 3:55pm 6

This does provide a lot more clarity.
Your response along with this answer has cleared up my confusion around scopes, roles, and permissions.

Thank you @marcelina.barycka
-Darren

Coarse-grained scope in ID token to fine-grained API permission