I have been tasked with setting up a client to map Salesforce role information to roles within Auth0, so that information can carry to our other applications. My current understanding is that I can use the Auth0 SDK to interface with our organization and map roles on login. However, I am unsure where exactly this piece fits in.
Does it go in front of applications/APIs? And how would that be configured?
Will I have to make an API call to the mapping client, configured with the Auth0 SDK, in order to get it to work?
Would it be better to implement the logic in Auth0 Actions?
How would a refresh token play into this? We have also been tasked with configuring a way to set a refresh token for authenticated users so that we can revoke access to an application without the user needing to re-login in order to notice they no longer have access.