I’m new to Auth0 and getting a bit confused about scopes and permissions and how they relate.
A lot of the documentation implies that scopes are permissions, and that you should create scopes such as “read:messages” and “write:messages”.
But when you create Permissions in the API, and then request an Access Token from the front-end, these appear in a “permissions” claim but not in the list of scopes.
However if you create Permissions through the Authorization Extension, then they do appear as scopes in the Access Token and not as a Permissions claim.
How is this supposed to work and why is there this difference between the Authorization Extension and the way the main one works?