I'm looking for best practises to implement role based authorization in addon endpoints. I'm using JWT authentication which gives me access to the userId of the user making the request, but no information about the user's JIRA permissions.
Is it possible to configure the JWT authentication to include user scope in the token, or do I need to look up the user's permissions for each request?
