No, currently Auth0 does that. Hasura needs the key to decode the JWT token to validade if it's a valid token only for requests that are behing authentication. User info are embedded in the JWT token for now.