Change User Scopes Dynamically without Re-logging in

dimitryvoew · February 28, 2018, 7:25am

I’m trying to use scope guards to limit access to portions of my website and associated back end REST points.

I’d like to change them dynamically, so for example if a user agrees to the terms and conditions on my website, then their allowed scopes would change (I think this is all possible via web hooks that make calls to my servers to check this).

However, the issues is, once a user does agree to the terms and conditions, would they not need to log out and log back in to get their token’s scopes updated? Is there a way around this?

richard.dowinton · February 28, 2018, 10:18pm

You can use checkSession in Auth0.js to acquire a new token. This will trigger any rules you have active, so if you make the relevant calls to your web service there and add the scopes, it should work without your user needing to log out and back in.

dimitryvoew · March 3, 2018, 9:30pm

Thanks, just the answer I was looking for.

system · March 4, 2018, 9:30pm

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How can I update and retrieve updated scopes Help scopes	1	3598	March 2, 2018
Authorization and JWT in a React SPA JWT.io	2	4454	August 30, 2019
Retrieve newly added user scope without user re-authorize Help scopes , rbac , auth0-spa-js	1	4126	September 22, 2020
Unable to set custom scopes after login Help auth0 , rules , scopes , scope	2	3908	August 1, 2019
Change in Authentication APIs i the last 2 days? Help api	2	3426	March 2, 2018

Change User Scopes Dynamically without Re-logging in

Related topics