If you are using Auth0 with GraphCool and implement solid authorization and permission queries (like this tutorial: https://www.graph.cool/docs/tutorials/authorization-content-management-system-miesho4goo/).. Do you even bother with roles/scope from the Auth0 side of things?

I manage all of my roles/permissions etc within graph.cool - just using auth0 to authenticate users

Yeah it seems unnecessary to do it in both places, as the graph.cool will authenticate every request using the JSON web token. Do other people agree?

There's a FR to improve on that integration: https://github.com/graphcool/feature-requests/issues/137#issuecomment-321384222 Short version: I think it would help to have those claims available directly in Permission Queries.

That is an interesting FR for sure, thanks!