What's best practice for managing users, roles and permissions in a web app?

Hi @larrybarry,

That’s correct! There is a feature in your API settings where you can enable the Add Permissions in the Access Token feature.

On the other hand, for Roles, you will need to use a post-login action script to append the roles as a custom claim to the access token.

Please see this knowledge solution on how to do so.

Let me know if you have any questions.

Thanks,
Rueben
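
The post-login Action described in the reply above, as an added example that is not part of the original post. It assumes Auth0's Actions API (`onExecutePostLogin`, `event.authorization.roles`, `api.accessToken.setCustomClaim`); the claim name `https://example.com/roles` and the helper names `applyRolesClaim`, `rolesFromPayload`, `hasRole` and `demo` are placeholders chosen here.

```javascript
// Added example. ROLES_CLAIM is a placeholder (assumption): use a URL-style
// name you control so the claim cannot collide with standard claims.
const ROLES_CLAIM = "https://example.com/roles";

// Copies the user's assigned roles into the access token as a custom claim.
// event.authorization may be absent for a login, so fall back to an empty
// list instead of throwing and failing the login.
function applyRolesClaim(event, api) {
  const assigned = event.authorization?.roles;
  const roles = Array.isArray(assigned) ? assigned : [];
  api.accessToken.setCustomClaim(ROLES_CLAIM, roles);
  return roles;
}

// Post-login Action entry point.
const onExecutePostLogin = async (event, api) => {
  applyRolesClaim(event, api);
};
if (typeof exports !== "undefined") {
  exports.onExecutePostLogin = onExecutePostLogin;
}

// API side: read roles from a token payload whose signature, issuer and
// audience have already been verified. Anything other than an array of
// strings is treated as "no roles", so a malformed claim fails closed.
function rolesFromPayload(payload) {
  const claim = payload ? payload[ROLES_CLAIM] : undefined;
  return Array.isArray(claim) ? claim.filter((r) => typeof r === "string") : [];
}

function hasRole(payload, role) {
  return rolesFromPayload(payload).includes(role);
}

// Constructed demo: a stub api object records what the Action would write.
function demo() {
  const claims = {};
  const api = { accessToken: { setCustomClaim: (k, v) => { claims[k] = v; } } };
  applyRolesClaim({ authorization: { roles: ["editor", "admin"] } }, api);
  return claims;
}
```

Permissions added through the API setting arrive in the token separately from this claim, so the API should check each from its own claim and keep authorization decisions on the server side.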