SPA with custom login page. Upgrading Auth0js from v7 to v8

Would you have an ETA for that upgrade?

No ETA, but this is being actively worked upon. As Joao said, this is only if your use-case necessitates using /oauth/ro (i.e. a flow where the user enters their credentials on your client application instead of on Auth0, which is the Identity-Provider in this case).
If you can support redirect based flows, I’d highly recommend you move to using the Hosted Login Page as I detail in this post.

  1. …] Is this fully correct?

To use the renewAuth method, yes, you need to have visited Auth0’s login page (i.e. <your_account>.auth0.com/authorize) at some point during the flow. This means that neither /oauth/ro (legacy flow) nor /oauth/token (OIDC-conformant flow) will establish an SSO session for the user for use with renewAuth.