I have an application that has multiple organizations (not Auth0 organizations). Each Auth0 user can be in multiple organizations and needs to have differing roles per organization.
Right now I can assign a role to users giving them write access. However, they may only have write access in organization 1 and read-only access in organization 2.
How could I split these roles/permissions based on the organization the user is in? The app_metadata for each user houses an array of organizations that the user is in keyed by the org id.
I am currently using the basic JWT authorizer for the HTTP API gateway.
As we store the organization id and the roles the user has in the app_metadata object, could we pass the organisationId in when requesting an access token and have a rule populate the access token with the correct role based on the organization id?
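The approach the question sketches, as an added example that is not part of the original post and not Auth0's own sample code: a legacy Auth0 Rule that reads the requested organization from the /authorize query string, looks the user's role up in app_metadata, and writes both into namespaced access-token claims. Membership is decided only from app_metadata (which end users cannot edit), never from the client-supplied value, so a client asking for an organization it does not belong to gets an error rather than a token. The claim names, the `organizationId` query parameter and the shape of `app_metadata.organizations` (an object keyed by org id, or an array of `{ id, role }` entries) are assumptions for the example.

```javascript
// Added example: per-organization role claim in an Auth0 legacy Rule.
// Hypothetical claim namespace; Auth0 requires custom claims to be namespaced.
const ORG_CLAIM = 'https://example.com/organization';
const ROLE_CLAIM = 'https://example.com/org_role';

// In the Rules sandbox UnauthorizedError is a global; this fallback only makes
// the file runnable outside Auth0 (e.g. in a local unit test).
const Unauthorized =
  typeof globalThis.UnauthorizedError === 'function'
    ? globalThis.UnauthorizedError
    : class UnauthorizedError extends Error {};

// Pure lookup: the role the user holds in requestedOrgId, or null when the user
// is not a member. Accepts the two metadata shapes assumed above.
function resolveOrgRole(appMetadata, requestedOrgId) {
  if (!appMetadata || typeof requestedOrgId !== 'string' || requestedOrgId === '') {
    return null;
  }
  const orgs = appMetadata.organizations;
  if (Array.isArray(orgs)) {
    // Array form: [{ id: "org_1", role: "write" }, ...]
    const match = orgs.find((o) => o && o.id === requestedOrgId);
    return match && typeof match.role === 'string' ? match.role : null;
  }
  if (orgs && typeof orgs === 'object' &&
      Object.prototype.hasOwnProperty.call(orgs, requestedOrgId)) {
    // Object form: { org_1: { role: "write" } } or { org_1: "write" }.
    // hasOwnProperty keeps inherited names like "constructor" from matching.
    const entry = orgs[requestedOrgId];
    if (typeof entry === 'string') return entry;
    return entry && typeof entry.role === 'string' ? entry.role : null;
  }
  return null;
}

// Rule entry point (legacy Rules signature: function (user, context, callback)).
// No organizationId requested: issue the token without org claims.
// organizationId requested but user is not a member: refuse the login.
function addOrgRoleClaim(user, context, callback) {
  const query = (context.request && context.request.query) || {};
  const requestedOrgId = query.organizationId;
  if (requestedOrgId === undefined) {
    return callback(null, user, context);
  }
  const role = resolveOrgRole(user.app_metadata, requestedOrgId);
  if (role === null) {
    return callback(new Unauthorized('not a member of the requested organization'));
  }
  context.accessToken[ORG_CLAIM] = requestedOrgId;
  context.accessToken[ROLE_CLAIM] = role;
  return callback(null, user, context);
}

// Test harness for local runs: builds the context the Rule would see and
// returns { error, accessToken } from the callback.
function runRule(user, requestedOrgId) {
  const context = {
    request: { query: requestedOrgId === undefined ? {} : { organizationId: requestedOrgId } },
    accessToken: {},
  };
  let outcome = null;
  addOrgRoleClaim(user, context, (err, _u, ctx) => {
    outcome = { error: err ? err.message : null, accessToken: ctx ? ctx.accessToken : null };
  });
  return outcome;
}

// Constructed sample user: write in org_1, read-only in org_2.
const sampleUser = {
  app_metadata: { organizations: { org_1: { role: 'write' }, org_2: { role: 'read' } } },
};

console.log(JSON.stringify(runRule(sampleUser, 'org_2')));
// logs {"error":null,"accessToken":{"https://example.com/organization":"org_2","https://example.com/org_role":"read"}}
```

In production only `addOrgRoleClaim`'s body goes into the Rule; the client adds `organizationId=org_2` to its /authorize request, and the API behind the JWT authorizer then reads `https://example.com/org_role` from the validated token instead of trusting any organization or role the caller sends in the request body. Switching organizations means requesting a new token, which keeps a token scoped to exactly one organization at a time.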