I’m trying to use scope guards to limit access to portions of my website and associated back end REST points.
I’d like to change them dynamically, so for example if a user agrees to the terms and conditions on my website, then their allowed scopes would change (I think this is all possible via web hooks that make calls to my servers to check this).
However, the issues is, once a user does agree to the terms and conditions, would they not need to log out and log back in to get their token’s scopes updated? Is there a way around this?