On login we add some fields from app_metadata onto the token to be used later used by other microservices. Sometimes we update some attributes on app_metadata via the nodeJs auth0 managementClient. After updating we re authenticate by calling loginWithRedirect()
.
We have seen sometimes that after updating app_metadata and then re authenticating, the new token has stale custom claims (the fields on the token that we got from app_metadata hold the values from before the update)