After authenticating, we’ll get a refresh token, id token, and an access token back. This access token works just fine with the /userinfo call, and we clearly see all of the requested data (e.g., user_metadata) coming back in the response. However, if we decide to use the refresh token to get a new access token, the /userinfo call gives us a very limited set of data containing only properties for sub, email, and email_verified. Is there a way to get an access token that has the same scope as the original access token?
I apologize if this is a basic question, but I can’t seem to find documentation on this and I’m still learning the ins and outs of Auth0.
Thank you!