We are looking for the correct way to request additional social service permissions from our users after login.
Today, a user can log in to our app via a set of social providers or e-mail by allowing only the most basic permissions necessary for user validation.
After login, a user should be able to grant additional permissions to various social providers, regardless of what method they used for logging in.
For instance, we’d like to request additional Google and Facebook permissions so that we can import more data from their social accounts than is required for authentication. Requesting these additional permissions at login would make users refuse to authenticate at that point.
In the Auth0 management ui, we seem only to be able to enable or disable permissions on a social connection level (https://community.auth0.com/questions/1680/requesting-additional-scopes-for-facebook-login), and we find no way to programmatically specify a greater set of permissions for some auth0 lock invocations, at least not without reloading the page (we can only programmatically determine which social providers to display for the login window). We can not either add two social providers for Google, only one is allowed per auth0 account (otherwise we could have added 2 and configured them separately).
Do we have to create a new account and let our users authenticate with two different accounts, something like first an account for “Our Service - Login” and “Our Service -Additional Permissions”? That seems really strange and hacky, is there a better way?