Adding permissions in ID Token via rules, but auth0-react/Auth0Provider doesn't update token

I am trying to do this:

  • An Auth0 rule copies the user permissions into the ID token.
  • Once some registration is over, my API sets a role to the user via the management API. This sets the user permission ‘navigate’ to the user.
  • The Next.js frontend then redirects to the main page, which checks the permissions in the ID token and redirects further if ‘navigate’ is present.

I use the auth0-react 1.5.0 npm package.

Problem: even though I call getAccessTokenSilently({ ignoreCache: true }); just before I check what the user contains, the user doesn’t get updated.

I suspect this is because the field updated_at is not changed by my rule, and, in auth0-react/src/reducer.tsx, the GET_ACCESS_TOKEN_COMPLETE case updates the user only if updated_at has changed.

I am not sure how I can test this further, or if I should simply use the permissions in the access token instead of trying to put them in the id token.
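
One way to test the suspicion described in the post, as an added example that is not part of the original post and not auth0-react's own code: a simplified model of the updated_at comparison, run against a constructed ID token whose permissions changed while updated_at did not. The claim name `https://example.com/permissions`, the helper names and all token contents are assumptions.

```javascript
// Added example: simplified model of the suspected behaviour, not auth0-react source.
// The claim name and every token value below are constructed for illustration.
const CLAIM = 'https://example.com/permissions'; // hypothetical namespaced claim

// Build an unsigned JWT-shaped string so the example runs offline.
function makeToken(payload) {
  const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${b64url({ alg: 'none', typ: 'JWT' })}.${b64url(payload)}.`;
}

// Decode the payload for inspection only; this does NOT verify a signature.
function decodeJwtPayload(token) {
  const part = token.split('.')[1];
  if (!part) throw new Error('not a JWT');
  const b64 = part.replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Model: the user held in state is replaced only when updated_at differs.
function reduceUser(state, action) {
  if (action.type !== 'GET_ACCESS_TOKEN_COMPLETE') return state;
  const same = state.user && action.user &&
    state.user.updated_at === action.user.updated_at;
  return same ? state : { ...state, user: action.user };
}

// True when the freshly issued token carries permissions the state lacks.
function isStale(stateUser, freshClaims) {
  const have = new Set(stateUser[CLAIM] || []);
  return (freshClaims[CLAIM] || []).some((p) => !have.has(p));
}

// Constructed claims: role assigned between the two, updated_at untouched.
const before = { sub: 'auth0|constructed', updated_at: '2021-06-01T10:00:00.000Z', [CLAIM]: [] };
const after = { ...before, [CLAIM]: ['navigate'] };
const freshIdToken = makeToken(after);

function demo() {
  const fresh = decodeJwtPayload(freshIdToken);
  const state = reduceUser({ user: before }, { type: 'GET_ACCESS_TOKEN_COMPLETE', user: fresh });
  return { keptOldUser: state.user === before, stale: isStale(state.user, fresh) };
}

console.log(demo());
```

If the same comparison against a real token shows the claim present in the decoded payload but missing from the `user` object, the token is fresh and only the client-side state is stale. Whatever the frontend displays, the API should make its authorization decision from the permissions in a verified access token.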