Hello Auth0 Forums
I have an instance where a user is given a new role after they are authorized in the SPA.
My goal is to update the JWT token cached inside the application without having the user logout and log back in.
I am using refresh tokens with the auth0-spa.js library.
I have “Skip Consent” and “Offline Access” enabled in my APIs.
I also have the rotating tokens enabled in my SPA dashboard.
When I run
auth0Client.getTokenSilently({ ignoreCache: true });
I do receive a new and updated token, but only the permissions have been updated, not the scopes.
Also, if the user logs out and logs back in, the correct scopes are present in the token.
I have also tried
auth0Client.getTokenSilently({ ignoreCache: true, audience: "myAudience" });
But this throws a login_required error.
Is there a way to get the scopes associated with the newly attached role without re-authenticating?
Client Initialization
createAuth0Client({
  audience: env.authAudience,
  domain: env.authDomain,
  client_id: env.authClientId,
  redirect_uri: env.authRedirectUri,
  scope: env.authScopes,
  useRefreshTokens: true,
  cacheLocation: "localstorage",
})
Login Method
auth0Client.loginWithRedirect({
  appState: {
    appRoute: redirectUrl,
  },
  scope: env.authScopes,
  audience: env.authAudience,
  pageType: pageType,
  ...extraConfig,
});
Thank you!
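A way to confirm the symptom described in the post above, as an added example that is not part of the original post and is not Auth0 or auth0-spa-js code: decode the access token cached at login and the one returned by the refresh, then diff their `scope` and `permissions` claims. It assumes the access token is a JWT whose `scope` is a space-delimited string and whose `permissions` is an array; the helper names and sample tokens are constructed for illustration.

```javascript
// Inspection helper: decodes a JWT payload WITHOUT verifying the signature.
// Use for debugging only, never for an authorization decision.
function decodeJwtPayload(token) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("expected header.payload.signature");
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  const padded = b64 + "=".repeat((4 - (b64.length % 4)) % 4);
  const bytes = Uint8Array.from(atob(padded), (c) => c.charCodeAt(0));
  return JSON.parse(new TextDecoder().decode(bytes));
}

// Assumed claim shapes: `scope` is a space-delimited string,
// `permissions` is an array of strings.
function grants(token) {
  const p = decodeJwtPayload(token);
  return {
    scope: new Set((p.scope || "").split(" ").filter(Boolean)),
    permissions: new Set(Array.isArray(p.permissions) ? p.permissions : []),
  };
}

// Sorted list of entries present in set a but absent from set b.
const minus = (a, b) => [...a].filter((x) => !b.has(x)).sort();

// Compare the token cached at login with the one returned by the refresh.
function grantDrift(oldToken, newToken) {
  const before = grants(oldToken);
  const after = grants(newToken);
  return {
    scopeAdded: minus(after.scope, before.scope),
    permissionsAdded: minus(after.permissions, before.permissions),
    permissionsMissingFromScope: minus(after.permissions, after.scope),
  };
}

// Constructed sample tokens (fake signature) mirroring the symptom in the post.
function makeSampleToken(payload) {
  const enc = (o) =>
    btoa(JSON.stringify(o)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "RS256", typ: "JWT" })}.${enc(payload)}.constructed`;
}
const atLogin = makeSampleToken({ scope: "openid read:reports", permissions: ["read:reports"] });
const afterRefresh = makeSampleToken({
  scope: "openid read:reports",
  permissions: ["read:reports", "write:reports"],
});

console.log(grantDrift(atLogin, afterRefresh));
```

A non-empty `permissionsMissingFromScope` means an API that authorizes on `scope` and one that authorizes on `permissions` will reach different decisions for the same token.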