Thanks for following up on this! I’ve just run through this in my own test environment and can confirm that the permissions are added correctly. Here’s a look at the access token I’ve received:
```json
{
  "iss": "https://domain.us.auth0.com/",
  "sub": "auth0|622bc00324299ee0f0",
  "aud": [
    "https://test-api-endpoint",
    "https://domain.us.auth0.com/userinfo"
  ],
  "iat": 1677632536,
  "exp": 1677632596,
  "azp": "5sFZ3AuJ05QEasdfUfQjMuVwiujzSqcG",
  "scope": "openid profile email offline_access",
  "org_id": "org_YZN9osfdsfN5R8",
  "permissions": [
    "create:appointments",
    "create:prescriptions",
    "delete:appointments"
  ]
}
```
Are you able to confirm that you receive the `org_id` as a claim in your access token and that the roles you added to a user within the context of an organization have permissions associated with them?
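
One way to run the check asked about above, as an added example that is not part of the original post: it decodes the payload of an access token and reports whether `org_id` and `permissions` are present. The function names, the audience and the token values are constructed for illustration.

```python
import base64
import json


def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_claims(token: str) -> dict:
    """Return the payload of a JWT without verifying it (inspection only;
    an API must verify the signature before trusting any claim)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected 3 dot-separated segments")
    return json.loads(b64url_decode(parts[1]))


def check_org_rbac(claims: dict, audience: str) -> list:
    """List what is missing for organization-scoped RBAC on this token."""
    problems = []
    aud = claims.get("aud", [])
    aud = [aud] if isinstance(aud, str) else aud  # aud may be a string or a list
    if audience not in aud:
        problems.append("aud does not contain " + audience)
    if not claims.get("org_id"):
        problems.append("org_id claim missing")
    if "permissions" not in claims:
        problems.append("permissions claim missing")
    elif not claims["permissions"]:
        problems.append("permissions claim is empty")
    return problems


def make_token(payload: dict) -> str:
    # Constructed sample token: placeholder header and signature, not a real one.
    def enc(obj: dict) -> str:
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(payload), "c2ln"])


API = "https://api.example.test"  # constructed audience
GOOD = make_token({"aud": [API], "org_id": "org_EXAMPLE",
                   "permissions": ["create:appointments"]})
NO_ORG = make_token({"aud": API, "permissions": []})

if __name__ == "__main__":
    for name, tok in (("GOOD", GOOD), ("NO_ORG", NO_ORG)):
        print(name, check_org_rbac(decode_claims(tok), API) or "ok")
```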