How to update session after changing a user's role

Hello again,

I am facing issues keeping my auth0 user in sync with the session in my NextJS application. Basically I need the user’s role and permissions to be updated when I add/remove a role or permission.

Right now I am using a role to conditionally render some pages, but after giving the user said role, the sessions in frontend (with useUser) and backend (with getSession) are unchanged. Roles and permissions are added as custom claims via Login actions.

Two questions:

  1. Can I “force” update the session to see the custom claims of roles and permissions reflected?
  2. Is there a better alternative for always keeping roles & permission in sync with my changes on the auth0 dashboard?

Right now I have to logout and login again to see any modifications.

Thank you.
Fabio

Hey @faabiopk!

Thanks for the detailed description.

As far as I’m aware this is the only way to get the new role/permission added - Have you by any chance explored using silent auth?

Thanks for the response @tyf!

I checked this page before, but it was unclear to me where/how should I use the silent authentication step.

Should I do something like this inside my endpoints?

export default withApiAuthRequired(async function myApiRoute(req, res) {

    await handleLogin(req, res, {
      authorizationParams: {
        prompt: 'none',
        audience: "mysite.com"
      },
    });

}

Using this redirects me immediately.
Is there a way of “re-authorizing” the user and continue on the same page?

Thanks :slight_smile:

1 Like

Have you by any chance managed to resolve this issue?

Using silent auth solved most of my problems. It is not automatic, but I believe you could make it so.

Silent auth basically solves the problem in the #1 way I described in my question.

1 Like