I am using Github connection as an ID provider with Auth0. During the login process, the user is redirected to Github’s permissions screen asking user’s permissions to access their github account as well as access to the list of Github organizations the user belongs to. When the user logs in successfully, Github provides an access token. I’m able to retrieve the idp access token by calling the Auth0’s management api endpoint /api/v2/users and use it to make calls to github’s API.
However, the access token appears to have fixed access permissions granted at the time of login. I’m wondering if there is a way to renew the access token so that I can ask user a new set of permissions. That is I want to redirect user to the permissions screen similar to one that was presented at the time of the initial login.
The only way I can currently do this is if I go to Github and revoke permissions to my Oauth application. This forces the login sequence all over again. I don’t think this is a practical for users of my app to do every time they need to provide different permissions.