The /userinfo is not returning the most up-to-date version of the user’s profile.
Steps to reproduce:
- User obtains access_token by logging in
- Update user_metadata using either the Management API or the Auth0 dashboard
- Make GET request to /userinfo using the access_token obtained in step 1
- Data returned is not the updated data from step 2
If the user obtains a new access_token the /userinfo endpoint will then return the updated profile information when using both the new access_token and the original access_token.
To support the common use case of allowing users to update their profile we are forced to refresh the users access_token in order to get the updated user data.
Is this the expected behavior of the /userinfo endpoint or am I missing something here?