@dan.woda thank you very much for your reply.
It totally makes sense to rely on JWT refresh token, but in this case we have integrated Auth0 into a Laravel web app and according to quick start guide here, it generates a session in Laravel’s side and seems like the session doesn’t get updated anymore once it has been created after a successful login.
Am I missing anything in this instance?
The main idea is:
- We have an existing laravel app with a native authentication
- We integrated auth0 as a second auth mechanism to identify different types of users (not the ones we have in the local db) but are stored in auth0 side
- The user’s roles get updated through API triggered from some webhooks
The issue is that after we update the user’s role in Auth0 db to make sure it is persisted to that user’s sessions which might be active.
What I am noticing is that the laravel sesssion is not being updated from auth0 even if jwt ‘underneath’ it may have expired