Hi Team, I have a use case where I am using Auth0 Redirect Actions to build a T&C screen. Basically, after login we check something in the app_metadata and redirect the user to a custom page where they have to accept the new terms in order to continue.
This works great; the problem is that, for already logged-in users, when the SDK attempts to get a new access token I am getting this error: "Redirection is not available on /oauth/token endpoint." This makes sense since the refresh token flow can't redirect the user.
My question is, what is the best way in this case to deal with this user (assuming there are new T&C and the already logged-in user needs to accept them in order to continue)? I can use api.access.deny(reason) to return an error (not sure how the SDK will handle that for the refresh token flow).
I was also reading this: Redirect with Actions, and I find it quite confusing. It's not clear to me in that text what we should do with refresh tokens in Actions… just ignore the flow with api.redirect.canRedirect()?
Cheers!
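Added example, not part of the original post and not Auth0's own code: a Post-Login Action covering both cases the question raises, redirecting when api.redirect.canRedirect() allows it and calling api.access.deny(reason) when it does not. TERMS_VERSION, TERMS_URL, the app_metadata key terms_version and the makeApi/simulate stubs are assumptions made for illustration.

```javascript
// Added example. TERMS_VERSION, TERMS_URL and the app_metadata key
// "terms_version" are assumed names, not taken from the post.
const TERMS_VERSION = "2024-01";
const TERMS_URL = "https://app.example.com/terms"; // placeholder consent page

async function onExecutePostLogin(event, api) {
  const accepted = (event.user.app_metadata || {}).terms_version;
  if (accepted === TERMS_VERSION) return; // current terms already accepted

  if (api.redirect.canRedirect()) {
    // Interactive login: a browser is present, so show the T&C page.
    api.redirect.sendUserTo(TERMS_URL, { query: { version: TERMS_VERSION } });
    return;
  }
  // Non-interactive transaction such as the refresh token exchange on
  // /oauth/token: no redirect is possible, so refuse the token instead of
  // silently issuing one to a user who has not accepted the new terms.
  api.access.deny("terms_not_accepted");
}

// Auth0 loads the handler from `exports`; the guard only keeps this file
// loadable when it is run locally as an ES module.
if (typeof exports !== "undefined") exports.onExecutePostLogin = onExecutePostLogin;

// Local stub of the `api` object that records calls, for offline testing.
function makeApi(canRedirect) {
  const calls = [];
  return {
    calls,
    redirect: {
      canRedirect: () => canRedirect,
      sendUserTo: (url, opts) => calls.push(["redirect", url, opts.query.version]),
    },
    access: { deny: (reason) => calls.push(["deny", reason]) },
  };
}

// Runs the handler on a constructed event. The handler contains no awaits,
// so its calls are recorded before the returned promise settles.
function simulate(acceptedVersion, canRedirect) {
  const api = makeApi(canRedirect);
  const event = { user: { app_metadata: { terms_version: acceptedVersion } } };
  onExecutePostLogin(event, api);
  return api.calls;
}
```

With this shape the client application has to treat the denied token exchange as a signal to start an interactive login, which is where the redirect branch can run.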