Hi, My API has a large number of fine-grained permissions. Based on the Permissions, Privileges, and Scopes blog post and other references I understand that I do not want to include the entire list of permissions in the scope. Ideally I would like to have coarse-grained “roles” - reader, writer, …

Hey @darrenk ! Generally speaking, regarding API authorization, the Auth0 Identity Provider will issue a JWT access token containing the scope claim. The scope claim content is the intersection of: -scopes requested by the client application with the /authorize request by specifying the scope quer…

Coarse-grained scope in ID token to fine-grained API permission

Help

darrenk May 6, 2024, 3:55pm 6

This does provide a lot more clarity.
Your response along with this answer has cleared up my confusion around scopes, roles, and permissions.

Thank you @marcelina.barycka
-Darren

Topic		Replies	Views
What is the proper way to do fine-grained permissions? Help roles , access-token , permissions	2	9218	July 25, 2019
Permissions in Access Token Help server-api , rbac	4	15991	August 30, 2019
How can I get permissions into my scope in the access token? Help auth0	10	10190	April 2, 2020
Auth0 JWT doesn't have requested API Scopes Help jwt , scopes	10	4413	September 4, 2021
Merge scope and permissions in scope in a rule Help rules	4	6167	April 1, 2020

Coarse-grained scope in ID token to fine-grained API permission

Related Topics