I have a question regarding this. I am doing something similar, but at the same time use the role / permission embedding in the token. How can I refresh the token the auth0 will send to client after I have assigned the new role?
My whole flow is described here → How to refresh the token after merging user & assigning role?