I have set up an enterprise ADFS connection, with the user going through the PKCE authorization grant with offline access added to the scope. This retrieves for me a refresh token. I mistakenly thought that using this refresh token -> new access token -> user data would refetch the user data from the original identity provider. It does not appear to do this, and just fetches the cached user data from within Auth0’s user information. This information is never updated unless the user goes through the login page against the original identity provider again.
Is there a way to re-authenticate against the primary identity provider for a user without them actually entering their password if they have given offline scope? Can the use of the refresh token actually re-fetch the user data from the identity provider?