I have 2 apps, that will use Auth0. One is a SPA with an WebApi which will use the silent authentication, the other is a Asp.net MVC(Owin). Right now for getting a new access token in the SPA I am using the silent authentication thing.
For the MVC part I try to achieve the same behaviour as I have in the SPA, however the only possible solutions that I can come right now are:
1.Re-implement somehow the SecurityStampValidator.OnValidateIdentity so that it will call the Auth0. This is a little bit out of my scope since I do not know exactly what to implement on this part.
2.Add a middleware of some sorts and either try to generate a new access token, or store in memory a refresh token of the user and generate the newly access token by that.
The reason why I am trying this, is because one my requirements is this:
-If the user was disabled from Auth0/External provider(Gsuite, O365) and the user was logged, the user should either be forbidden of doing something on the app, or logged out. On the SPA, I was able to achieve this by using Silent Authentication, is something possible like this on good old Asp.Net MVC?