I am trying to obtain access tokens for logged-in users who have authenticated using a social login provider (Google, Apple, etc.). Since the customer is logged in, we already have un-expired access tokens saved for the customer. However, in our Auth0 configuration, we have custom rules defined which augment tokens with extra information under certain conditions. The conditions are not met when the customer first logs in using a social login provider, but subsequently are met. So we are trying to regenerate access tokens for these customers, so that they will be augmented by our rules and contain additional information, without requiring any manual action from the customer.
I have tried using the checkSession() function in the Auth0.js library to refresh the tokens, but this always produces a login-required error. Note that we are NOT using Auth0 dev keys for our social connections.
When I attempt to using the authorize() function in the Auth0.js library, the customer is redirected to the social login provider to authenticate again. For some providers, this means providing credentials again, which is not the ‘transparent’ experience we are trying to provide for our customers. We are hoping to perform this token refresh automatically, without requiring any customer interaction, similar to “embedded login”.
If anyone has other avenues to explore, or can point me in the right direction, I would appreciate it.