I have created a front end for user management in FusionAuth, to which the users log in using a FusionAuth username/password. We authorize the requests sent to the user management endpoints, e.g. api/user/search, by providing an API key defined in FusionAuth -> Settings -> Api Keys, which is granted access to these endpoints.
I want to limit the access to only certain users and authorize such requests by using the logged-in user's bearer token; however, I get a 401 Unauthorized response. The token is valid and both e.g. /api/jwt/validate and /api/user/ return 200 with the user's data, so clearly I'm missing some access roles.
Question: is it possible to authorize a user assigned to an application via a custom tenant (not FusionAuth) using a Bearer JWT token to access the api/user/search API? One way would be to assign a custom role both to the Application and the User, validate the token for those roles in the backend, and then swap the authentication method from Bearer token to an API key kept on the server along with the corresponding tenant-id, but I hope there's an out-of-the-box solution to handle it.
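
The role-check-then-swap workaround described in the question, as an added example that is not part of the original post and not FusionAuth's own code. It assumes the access token is HS256-signed with a secret the backend knows and carries `applicationId`, `roles` and `exp` claims; the role name `user-admin`, all ids, the key, and the helper names are hypothetical placeholders, and the outbound request is only built, not sent.

```python
import base64, hashlib, hmac, json, time

REQUIRED_ROLE = "user-admin"             # hypothetical custom role on the application
APP_ID = "app-id-placeholder"            # placeholder application id
TENANT_ID = "tenant-id-placeholder"      # placeholder tenant id
API_KEY = "api-key-placeholder"          # kept server-side, never sent to the browser
HMAC_SECRET = b"constructed-demo-secret" # assumption: HS256 signing key

def _b64d(seg):
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def _b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def verify_jwt(token, now=None):
    """Return the claims if alg, signature, exp and applicationId check out, else None."""
    try:
        h, p, s = token.split(".")
        if json.loads(_b64d(h)).get("alg") != "HS256":  # pin the algorithm
            return None
        mac = hmac.new(HMAC_SECRET, f"{h}.{p}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(mac, _b64d(s)):
            return None
        claims = json.loads(_b64d(p))
        if claims["exp"] <= (now or time.time()) or claims.get("applicationId") != APP_ID:
            return None
    except (ValueError, TypeError, KeyError, AttributeError):
        return None
    return claims

def build_search_request(bearer_token, query, now=None):
    """Authorize on the user's roles, then return (status, API-key request or None)."""
    claims = verify_jwt(bearer_token, now)
    if claims is None:
        return 401, None                 # not authenticated
    if REQUIRED_ROLE not in claims.get("roles", []):
        return 403, None                 # authenticated, but lacks the role
    return 200, {                        # the bearer token is dropped here
        "method": "POST", "path": "/api/user/search",
        "headers": {"Authorization": API_KEY, "X-FusionAuth-TenantId": TENANT_ID},
        "body": {"search": {"queryString": query}},
    }

def make_token(claims, secret=HMAC_SECRET):
    """Build a constructed HS256 token for exercising the checks above."""
    h = _b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    p = _b64e(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{h}.{p}".encode(), hashlib.sha256).digest()
    return f"{h}.{p}.{_b64e(sig)}"
```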