Change User Scopes Dynamically without Re-logging in

dimitryvoew · February 28, 2018, 7:25am

I’m trying to use scope guards to limit access to portions of my website and associated back end REST points.

I’d like to change them dynamically, so for example if a user agrees to the terms and conditions on my website, then their allowed scopes would change (I think this is all possible via web hooks that make calls to my servers to check this).

However, the issues is, once a user does agree to the terms and conditions, would they not need to log out and log back in to get their token’s scopes updated? Is there a way around this?

richard.dowinton · February 28, 2018, 10:18pm

You can use checkSession in Auth0.js to acquire a new token. This will trigger any rules you have active, so if you make the relevant calls to your web service there and add the scopes, it should work without your user needing to log out and back in.

dimitryvoew · March 3, 2018, 9:30pm

Thanks, just the answer I was looking for.

system · March 4, 2018, 9:30pm

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How can I update and retrieve updated scopes Help scopes	1	3598	March 2, 2018
Authorization and JWT in a React SPA JWT.io	2	4453	August 30, 2019
Retrieve newly added user scope without user re-authorize Help scopes , rbac , auth0-spa-js	1	4121	September 22, 2020
Unable to set custom scopes after login Help auth0 , rules , scopes , scope	2	3906	August 1, 2019
Dynamic scopes: parameterized Help management-api , roles	3	1225	August 9, 2023

Change User Scopes Dynamically without Re-logging in

Related Topics