Permissions are not being updated after making changes on Authorization Extension

Hey!
I have the following situation:
We are using Authorization Extension v2.13.0 to create groups, roles, and permissions for users, since Auth0 by default doesn’t support groups.
Also, we are using this post-login action script:

exports.onExecutePostLogin = async (event, api) => {
  console.log("Adding permissions claim to JWT...")

  if (event.authorization) {
    try {
      const namespace = 'https://me.com/permissions';
      api.idToken.setCustomClaim(namespace, event.user.authorization.permissions);
      api.accessToken.setCustomClaim(namespace, event.user.authorization.permissions);

    } catch(error) {
      console.error(error);
      throw new Error('Failed getting user permissions');
    }
  }
}

The problem is that I need to log in and log out twice so the new changes made in Authorization Extension v2.13.0 are added in event.user.authorization.permissions, probably because Auth0 is caching the permissions.

So is there a way to avoid this situation, or force the refresh of the data?
Thanks in advance!
Alvaro

Hi @alvaro

Welcome to the Auth0 Community!

Since the permissions are updated in the tokens during a post login action, unless the user re-authenticates the new permissions changed by the extension are not visible inside the user profile. Usually, this should take a single re-authentication from the user, not two.

I would advise to either force re-authentication of the user when these permissions are updated or refresh their token so that it includes the updated ones.

If you have any other questions, let me know!

Kind Regards,
Nik