I set up which users can have which scopes in rules, which seems to be how it’s supposed to be done. The problem is I can’t figure out a way to remove or add permissions without forcing the user to log out and back in again. I can’t use the refresh token since we don’t use the lock widget and either way we want it server side if we remove a scope. Is there a way to get updated scopes and to rerun the rules in the process?
Is there maybe a way to give the token and get a new token?