I'm also looking for a solution that will include the permissions in the access token on first login without forcing the client to refresh the access token. @dan.woda Are you able to assist and update the FAQ?
There are several threads on this topic with no clear answer:
You will have to force a token refresh on first login to get the role's permissions in the AT. You should be able to do this silently without the user providing credentials.