Let’s say we’re using Auth0 user/password connection to store users, and we give a client a short live acess token and long lived renew token. They access our SaaS fine. All good so far
Then what happens if we do the following from the Auth0 dashboard.
- We click ‘Block User’ from the Actions drop down button for that particular user
- We click ‘Applciations’ tab for that particular User and revoke that particular application for that user
I am hoping the answer is that requesting a new access token via the renew token will fail since either of those actions will invalidate the renewal token but I wanted to make sure, docs are not clear, can you please confirm?