I’m little confused about how the terms “Scope” and “Permissions” are used between Documentation, official Examples and the settings itself here at Auth0. I’ve read all the questions here around the same topic, but I am confused once more after reading them.
As one can see at the page https://auth0.com/docs/quickstart/backend/golang/01-authorization#validate-scopes, the function
checkScopes will be used to ask for a permission “read:messages” within the scope of the Claims of the JWT token. However, although I added some permissions to the user that I was using here, there are not present in the scope. The scope consists just “openid profile email”.
Permissions are even not present at all in the returned token.
Is this a bug or a feature or what I got wrong here?
Many thanks in advance for any explanation.