Adan,
You can still access the access_token through the req.user object 
My colleague @holly suggested that using the express-jwt-authz gave us a simpler implementation of the middleware function that checks for permissions.
It’s not so much as that using that package is a best practice but rather that it gives you the same outcome with less code 
If you prefer, you can still use the previous middleware function. Here’s the file code in case you need it to compare. This should be latest version. Does it match with what you have?