I’ve got RBAC turned on for my Auth0 API. It is returning JWTs with users’ permissions.
How should I properly use those permissions when authorizing a user with an AWS Lambda custom authorizer? I’d like certain API Gateway endpoints to require specific permissions, but I’m not sure how to do this without creating a separate authorizer for each permission-type I have in my application - this could cause me to create too many authorizers with almost identical code.
For example, I’ve got this endpoint:
galleries/create
I’d like to only allow users with the following permission to be allowed to use this endpoint:
create:galleries
Thanks!
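
One way to handle this with a single authorizer, shown as an added example that is not part of the original post and is not Auth0's or AWS's own code: keep a route-to-permission table and build the IAM policy from the token's permissions. The function names, the `POST`/`GET` methods, the second route and the sample ARN layout values are assumptions; the code also assumes the token was already verified (signature, issuer, audience, expiry) and carries a `permissions` array claim.

```javascript
// Added example. Assumes the Auth0 access token has already been verified
// (signature, issuer, audience, expiry) and `claims` is its decoded payload.

// Constructed route table: "METHOD/path" -> required permission.
// The POST method and the second route are assumptions for illustration.
const ROUTE_PERMISSIONS = {
  'POST/galleries/create': 'create:galleries',
  'GET/galleries': 'read:galleries',
};

// methodArn: arn:aws:execute-api:{region}:{account}:{apiId}/{stage}/{METHOD}/{path}
function stageArn(methodArn) {
  const [api, stage] = methodArn.split('/');
  return `${api}/${stage}`;
}

// Builds one policy covering every route the caller's permissions unlock, so the
// result stays correct when API Gateway caches it per token and reuses it for
// other endpoints behind the same authorizer.
function buildPolicy(claims, methodArn) {
  const granted = new Set(Array.isArray(claims.permissions) ? claims.permissions : []);
  const base = stageArn(methodArn);
  const allowed = Object.entries(ROUTE_PERMISSIONS)
    .filter(([, permission]) => granted.has(permission))
    .map(([route]) => `${base}/${route}`);
  // Routes not listed in an Allow statement are implicitly denied.
  const statement = allowed.length > 0
    ? { Action: 'execute-api:Invoke', Effect: 'Allow', Resource: allowed }
    : { Action: 'execute-api:Invoke', Effect: 'Deny', Resource: `${base}/*` };
  return {
    principalId: claims.sub,
    policyDocument: { Version: '2012-10-17', Statement: [statement] },
  };
}
```

In the authorizer handler, pass `event.methodArn` and the verified claims to `buildPolicy` and return its result; adding an endpoint then means adding one row to the table rather than another authorizer.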