Hello guys, auth0 is so awesome
We’re playing with auth0, giving him a chance, and I have a little doubt.
ps: I’m aware refresh tokens should be forbidden (are forbidden?) on SPA
I am about to create a webhook in order to add custom roles to an user, but I was thinking:
if I change the role to an user while he’s logged, there’s no way to refresh his ‘claim’ containing the role, he has to log-off and log-in again, right? Or refreshing token would call the webhook and grabs the new role?
I’m trying to understand that expecially because having a role on claims would have a great positive performance impact, without having to query everytime I make an api call, and I need the same thing for a ‘subscription-plan policy’, so for example when my user wants to buy a subscription, I would want it to have on the claims too.