How (or does) ID token get updated in SPA silent authorization flow?

sankemax · September 5, 2019, 10:54am

Is the protocol for silently obtaining Access-Token in SPA while a user session in the `Authorization Server is still active - Triggers a call to get updated user claims/roles from whichever social connection/database the user authenticated with?

If not, how should I get the updated information with accurate claims/roles?

kstrongholte · November 26, 2019, 11:16pm

Yes, it should return the current information for the user.

As documented here, Silent Authentication within a SPA calls the /authorize endpoint which returns a new token.

I’ve tested this with a React SPA and indeed if you modify the active user’s roles you’ll see the changes after reauthentication (silent or otherwise).

Topic		Replies	Views
Refresh unexpired token for SPA Get Help	8	3737	January 3, 2020
[SPA here] Refresh the token updating the claims (example for updating role) Get Help refresh-tokens , webhooks , claims	2	5221	July 25, 2019
Force getTokenSilently to get a new token Get Help auth0 , rules	6	7569	August 10, 2020
How does silent authentication determine who’s requesting a new token? Get Help spa , angular4 , aspnet-core , silent-authenticatio , token-expiration	4	7962	March 2, 2018
Get new access token from auth0-spa-js Get Help	6	6409	August 17, 2020

How (or does) ID token get updated in SPA silent authorization flow?

Related topics