If you are authorizing using an audience parameter you will also need to make sure your silent authentication call includes that audience parameter.
Additionally, if you are updating the email or username field this may also require the user to re-authenticate again. If possible don’t patch the entire user record - just the attributes that need to be updated.
It would be interesting to see a trace of the network calls from login through to silent authentication. That will be your best source of truth.