What is the best practice for getting notified when users' roles are changed

I want to manage the roles of users via Auth0.
But I don’t know how to immediately apply users' roles when they are changed.

For example, I want the user to be unable to see private resources immediately after I remove the “private” role from Auth0.
Is it possible?

Hi @json,

The only way to know the user’s roles immediately would be to check against the management API. This could cause some issues with rate limits if you are expecting to do this a lot.

The recommended way to handle this type of requirement would be to use short-lived tokens. You could make a token lifetime very short (5 minutes for example), which would mean that the user’s current permissions are within 5 minutes of the changes.
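The short-lived-token approach from the reply above, sketched as an added example that is not part of the original thread or Auth0's own code. It shows the resource-server side: reject expired tokens and, as an extra bound on stale roles, tokens whose `iat` is older than 5 minutes even if the issuer's lifetime was set longer. Assumptions: HS256 with a constructed shared secret stands in for real signature verification, `issue()` is a hypothetical stand-in for the authorization server, and the roles claim name is made up.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-secret"        # constructed value, stand-in for real key material
ROLES_CLAIM = "https://example.com/roles"  # assumed custom claim name
MAX_AGE = 300                              # 5 minutes, as suggested in the reply

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=")

def _unb64(data):
    return base64.urlsafe_b64decode(data + b"=" * (-len(data) % 4))

def _sign(signing_input):
    return _b64(hmac.new(SECRET, signing_input, hashlib.sha256).digest())

def issue(roles, now, lifetime=MAX_AGE):
    """Hypothetical issuer: snapshots the user's roles at issue time."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"iat": now, "exp": now + lifetime, ROLES_CLAIM: roles}
    payload = _b64(json.dumps(claims).encode())
    return b".".join([header, payload, _sign(header + b"." + payload)]).decode()

def authorize(token, required_role, now):
    """Resource-server check. Returns (allowed, reason)."""
    try:
        header, payload, sig = token.encode().split(b".")
        if not hmac.compare_digest(sig, _sign(header + b"." + payload)):
            return False, "bad signature"
        if json.loads(_unb64(header)).get("alg") != "HS256":
            return False, "unexpected alg"
        claims = json.loads(_unb64(payload))
        if now >= claims["exp"]:
            return False, "expired"
        # Bound role staleness locally, whatever lifetime the issuer used.
        if now - claims["iat"] > MAX_AGE:
            return False, "too old"
        if required_role not in claims.get(ROLES_CLAIM, []):
            return False, "missing role"
    except (ValueError, TypeError, KeyError, AttributeError):
        return False, "malformed token"
    return True, "ok"
```

A role removed at the issuer only disappears from access decisions once the old token is rejected and the client obtains a new one, so the lifetime (or `MAX_AGE`) is the worst-case delay.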
