Get user org IDs in /token response JWT without specifying org_id up front

For context (since I might be trying to solve this the wrong way): what I’m trying to do is manage access to data based on a user’s organization. In my database, I store the Auth0 org_id and associate it with the data that should be visible to that org, so that I can SELECT * WHERE org_id = org_####### etc. Let me know if this is the wrong approach.

In my tenant I have users spread across various organizations. All users of all orgs have their own email+password login. I want to have one login page, so no subdomains for each organization (besides, despite mentioning it, the docs don’t explain how to do that), and no “type your organization name” login screen (because informing all of the users of an organization that they have to put a dash or an underscore instead of a space when typing their multi-word organization name is terrible UX, among other things). When I make an API call to my backend and pass the Bearer token, I want my backend to be able to parse this token, find the org_id(s) a user is a part of, and then build a query for my database using those. You know, exactly like how permissions work.

Is this possible? The only workaround I can think of is using the Management API to query a user’s organization memberships on my backend every time a user makes a query, but this is vastly less preferrable.