Change User Scopes Dynamically without Re-logging in

I’m trying to use scope guards to limit access to portions of my website and associated back end REST points.

I’d like to change them dynamically, so for example if a user agrees to the terms and conditions on my website, then their allowed scopes would change (I think this is all possible via web hooks that make calls to my servers to check this).

However, the issues is, once a user does agree to the terms and conditions, would they not need to log out and log back in to get their token’s scopes updated? Is there a way around this?

You can use checkSession in Auth0.js to acquire a new token. This will trigger any rules you have active, so if you make the relevant calls to your web service there and add the scopes, it should work without your user needing to log out and back in.

1 Like

Thanks, just the answer I was looking for.

1 Like

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.