Does the protocol for silently obtaining an Access Token in a SPA, while a user session in the Authorization Server is still active, trigger a call to get updated user claims/roles from whichever social connection/database the user authenticated with?
If not, how should I get the updated information with accurate claims/roles?
Yes, it should return the current information for the user.
As documented here, Silent Authentication within a SPA calls the /authorize endpoint which returns a new token.
I’ve tested this with a React SPA and indeed if you modify the active user’s roles you’ll see the changes after reauthentication (silent or otherwise).
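The silent re-authentication described in the answer, as an added example that is not part of the original thread: it builds the `/authorize` request with the standard OIDC `prompt=none` parameter, interprets the redirect (including the `login_required` case when the session has ended), and compares the roles in the old and new tokens. The issuer host, client ID, redirect URI and the `roles` claim name are assumptions, and the sample tokens are constructed.

```javascript
// Added example. Issuer, client_id, redirect URI and the "roles" claim name are
// assumptions; substitute your own tenant's values.

// Silent authentication is an ordinary OIDC /authorize request with prompt=none:
// the server answers from its existing session and never shows UI.
function buildSilentAuthorizeUrl({ issuer, clientId, redirectUri, state, nonce, codeChallenge }) {
  const url = new URL("/authorize", issuer);
  url.search = new URLSearchParams({
    response_type: "code", client_id: clientId, redirect_uri: redirectUri,
    scope: "openid profile", prompt: "none", state, nonce,
    code_challenge: codeChallenge, code_challenge_method: "S256",
  }).toString();
  return url.toString();
}

// Interpret the redirect back to the SPA. With prompt=none an expired session
// surfaces as error=login_required rather than a login page.
function readSilentResult(callbackUrl, expectedState) {
  const p = new URL(callbackUrl).searchParams;
  if (p.get("state") !== expectedState) return { ok: false, reason: "state_mismatch" };
  if (p.get("error")) return { ok: false, reason: p.get("error") };
  if (!p.get("code")) return { ok: false, reason: "missing_code" };
  return { ok: true, code: p.get("code") };
}

// Decode a JWT payload to inspect claims. This does NOT verify the signature;
// authorization decisions belong to the API that validates the token.
function decodePayload(jwt) {
  const part = jwt.split(".")[1];
  if (!part) throw new Error("not a JWT");
  const b64 = part.replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(atob(b64 + "=".repeat((4 - (b64.length % 4)) % 4)));
}

// Compare the roles claim of the old token with the freshly issued one.
function diffRoles(oldJwt, newJwt, claim = "roles") {
  const before = new Set(decodePayload(oldJwt)[claim] || []);
  const after = new Set(decodePayload(newJwt)[claim] || []);
  return {
    added: [...after].filter((r) => !before.has(r)),
    removed: [...before].filter((r) => !after.has(r)),
  };
}

// Constructed, unsigned sample tokens for the demo (not real credentials).
function sampleJwt(payload) {
  const enc = (o) => btoa(JSON.stringify(o)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "RS256", typ: "JWT" })}.${enc(payload)}.constructed`;
}
```

The client-side diff is only for display; the API receiving the new access token still validates its signature and enforces the roles.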