Hey Dan,
I am applying using roles. I figured out I needed to access the scope at a different key. Adding the customScopeKey option to the express-jwt-authz function was the trick:
const authorizeAdmin = () => {
return [jwtCheck, jwtAuthz(['admin:all'], { customScopeKey: 'permissions' })];
};
Not sure if something changed and it used to be on the scope key and now it’s not? But it’s working now so I’m happy 
Thanks,
Clark