Passwordless auth with requirement to re-authenticate during certain actions

I’d like to achieve the following scenario and wonder how this would be possible with Auth0:

  1. User logs in with Passwordless via embedded login
  2. For most of the application, login is valid for a longer time, eg. for a few days
  3. Certain sensitive endopints in the application would require user to reauthenticate every 24h

I thought this could somehow be achieved with scopes, and Auth0 application having “standard” and “sensitive” scope. I’m not sure, however, how to set different expiry times for these two scopes.

Any idea?