We’ve been working to move our authentication out to auth0. So far so good and we have password authentication working and we’ve enabled RBAC and therefore the access_token provides us with the permissions granted to a user.
The issue we’re running into is that when using the refresh_token to gain a new access_token, the access_token provided back is giving us the permissions array, but it is empty. Is there something we need to do/configure to allow the refresh to also include the permissions? Nothing stood out in the Application/API configurations.
Thanks in advance.