Scenario: Hosted login pages, SPA application using Auth0.js, dotnet core serverside using Auth0ManagementApi
User logs in successfully and redirects back to our SPA
User sends info to our api, which then updates app_metadata for the user
Back in the SPA, we call renewAuth to get a fresh JWT
This, up until a few weeks ago, used to work. We’d get the fresh JWT with the updated app_metadata and life was good. Some time “recently” this broke, we are now getting login_required back from the renewAuth.
We’re not running against localhost - we’re using nameofproduct.test:8080
We’re not using social identity, so we’re not using any keys, developer or otherwise
Could this have been a v4 to v8 change?
How do we get renewAuth working again so we don’t have to send the user off to the login page to get a fresh JWT?