How Does Auth0 Recommend Handling Authorization in a Microservices Architecture?

Hi @kriseva,

Given that RBAC is specifically designed for this type of use cases, you can firstly define roles, then add permissions to them - Manage Role-Based Access Control Roles.

The Maximum Request Size for the ‘/oauth/token’ Endpoint is 500kb, which is mostly sufficient in any scenario, while you can also check the Number of Roles/Permissions per User here.

Best regards,
Remus