I’d like to achieve the following scenario and wonder how this would be possible with Auth0:
- User logs in with Passwordless via embedded login
- For most of the application, login is valid for a longer time, eg. for a few days
- Certain sensitive endopints in the application would require user to reauthenticate every 24h
I thought this could somehow be achieved with scopes, and Auth0 application having “standard” and “sensitive” scope. I’m not sure, however, how to set different expiry times for these two scopes.