Thanks for confirming!
Are you able to validate an access token successfully? Once validated, you should be able to make decisions in your API/backend logic based on the permissions claim and/or roles if you add them as a custom claim in the access token:
https://community.auth0.com/t/how-to-add-roles-and-permissions-to-the-id-token-using-actions/84506