How to detect changes in Access Token (added via Rules)

I am renewing Access Token once it expires (8 hours in my case).

The problem is that I save some things in Access Token. Using Rules I am adding “roles” to it like this:

  // inside an Auth0 Rule: copy the user's assigned roles into a namespaced custom claim
  context.accessToken[namespace + '/roles'] = context.authorization.roles;

This way, in my app I can display appropriate UI based on the role the user has, which is great.

The problem is that once I add/delete a role to the user, they have to sign out and sign in again to regenerate a new access token so that the UI gets updated.

Is there a way to detect changes to the data added using rules and based on that sign out user or regenerate a new access token?

Hi @sympi,

Thanks for reaching out to the Auth0 Community!

Before we proceed, could you please clarify how you are adding and deleting the user’s Roles?

And could you please clarify if you are changing them after the user has logged in?

Thank you.

Hi @rueben.tiow

And could you please clarify if you are changing them after the user has logged in?

Yes, I can change them at any point in time, even if the user is already logged in.

Before we proceed, could you please clarify how you are adding and deleting the user’s Roles?

I do it through Dashboard → Users → User → Roles → here I can remove or assign a role.


Hi @sympi,

Thank you for your response and clarification.

Generally, when updating a user before they log in, the user profile information should reflect correctly after the login transaction is complete. This is expected when decoding the access token of the user.

On the contrary, when updating a user post login, the user profile information will not reflect the newly updated information since the decoded token holds information up until the login transaction.

As you observed, you will need to refresh the access tokens to read the newly updated user profile details.

There are a couple of options.

  1. Configure Silent Authentication to leverage the use of refresh tokens in getting a new access token without prompting the user for credentials again or having them log out and log in again.

or

  2. Call the Management API Get a User endpoint to get the latest user profile.

By doing so, you can guarantee the latest user profile data.

I hope that helps!

Please let me know if you need further clarification or have any questions.

Thank you.

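As an added example (not code from the thread or from Auth0), here is a small Node.js helper that reads the namespaced roles claim a Rule placed in the access token and decides whether the token should be refreshed: either because it has expired, or because the roles it carries no longer match the roles fetched from a trusted source such as the Management API Get a User endpoint (option 2 above). The namespace value, the claim layout and the sample token are assumptions; the helper only decodes the payload and does not verify the signature, so it is suitable for driving UI, not for server-side authorization.

```javascript
// Placeholder namespace; must match the `namespace` variable used in the Rule.
const NAMESPACE = 'https://example.com';

function base64UrlDecode(str) {
  const pad = '='.repeat((4 - (str.length % 4)) % 4);
  const b64 = (str + pad).replace(/-/g, '+').replace(/_/g, '/');
  return Buffer.from(b64, 'base64').toString('utf8');
}

// Decode the payload (second segment) of a JWT. No signature check: UI use only.
function decodeClaims(jwt) {
  const parts = jwt.split('.');
  if (parts.length !== 3) throw new Error('not a JWT');
  return JSON.parse(base64UrlDecode(parts[1]));
}

// Roles the Rule copied into the token at login time (a snapshot, not live data).
function rolesFromToken(jwt, namespace = NAMESPACE) {
  const roles = decodeClaims(jwt)[namespace + '/roles'];
  return Array.isArray(roles) ? roles : [];
}

// Compare the token snapshot with roles fetched from a trusted source (e.g. the
// Management API profile) and report whether a new token must be obtained.
function needsRefresh(jwt, currentRoles, nowSeconds = Math.floor(Date.now() / 1000)) {
  const claims = decodeClaims(jwt);
  if (typeof claims.exp === 'number' && claims.exp <= nowSeconds) {
    return { refresh: true, reason: 'expired' };
  }
  const tokenRoles = [...rolesFromToken(jwt)].sort();
  const fresh = [...currentRoles].sort();
  const same = tokenRoles.length === fresh.length && tokenRoles.every((r, i) => r === fresh[i]);
  return same ? { refresh: false, reason: 'roles unchanged' } : { refresh: true, reason: 'roles changed' };
}

// Constructed sample token for demonstration: real header/payload encoding, dummy signature.
function makeSampleToken(payload) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc(payload)}.signature-omitted`;
}

const ISSUED_AT = 1700000000; // constructed issue time (seconds since epoch)
const SAMPLE_TOKEN = makeSampleToken({
  sub: 'auth0|constructed-user',
  exp: ISSUED_AT + 8 * 3600, // 8-hour lifetime, as in the question
  [NAMESPACE + '/roles']: ['editor'],
});
```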