I have a SPA with some custom user-management (via the Auth0 management api) functionality.
The logged-in user (via Username-Password-Authentication connection) can edit their own first or last name (SPA makes calls to our API which updates Auth0).
This seems to work fine - after editing they can go about using the app as normal, token still valid, other API calls (where token is checked) all work fine.
However, if they refresh the page they are kicked out and have to login again (
auth0.checkSession does not renew the session when the app loads). This happens regardless of whether or not the edited information (profile) has been included in the token scope.
I’m trying to figure out root cause, and if there is some way I can prevent this from happening. Any ideas what might be causing this or where to investigate further?