oauth-2.0 single-page-application auth0 openid-connect

Does an SPA silently obtain an Access-Token from the Authorization Server for a user with updated claims/roles?


Does the protocol for silently obtaining an Access-Token in an SPA, while a user session in the Authorization Server (Auth0) is still active, trigger a call to get updated user claims/roles from whichever social connection/database the user authenticated with?

If not, how should I update the silently re-obtained Access-Token from the Authorization Server with the accurate claims/roles?


Solution

  • One can supply prompt=none as a parameter in an authorization request sent in a hidden iframe, which will result in a new id_token being sent back in the authorization response if the SSO session at the Provider is still valid.
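
The silent request described in the answer, as an added example that is not part of the original post: it builds the prompt=none URL a hidden iframe would load and interprets the fragment returned to the redirect URI, including the case where the SSO session is no longer valid. The function names, endpoint and client values are assumptions; the caller is assumed to generate state and nonce randomly per request.

```javascript
// Added example: function names and all sample values are hypothetical.

// Build the authorization request that the hidden iframe loads.
function buildSilentAuthUrl({ authorizeEndpoint, clientId, redirectUri, scope }, state, nonce) {
  const url = new URL(authorizeEndpoint);
  url.search = new URLSearchParams({
    response_type: "id_token",
    client_id: clientId,
    redirect_uri: redirectUri,
    scope,
    state,          // random per request; ties the response to this request
    nonce,          // random per request; must come back inside the id_token
    prompt: "none", // never show UI; return an error if no valid SSO session
  }).toString();
  return url.toString();
}

// Decode the JWT payload for the nonce comparison only. Signature, iss, aud
// and exp validation are still required and belong in a JWT library.
function decodePayload(jwt) {
  const part = jwt.split(".")[1] || "";
  const b64 = part.replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(atob(b64.padEnd(Math.ceil(b64.length / 4) * 4, "=")));
}

// Interpret the fragment the provider sends back to redirect_uri.
function parseSilentAuthResponse(fragment, expectedState, expectedNonce) {
  const p = new URLSearchParams(fragment.replace(/^#/, ""));
  if (p.get("state") !== expectedState) return { ok: false, reason: "state_mismatch" };
  if (p.has("error")) {
    // login_required, consent_required, interaction_required: the session is
    // gone or needs user interaction, so fall back to an interactive login.
    return { ok: false, reason: p.get("error") };
  }
  const idToken = p.get("id_token");
  if (!idToken) return { ok: false, reason: "missing_id_token" };
  let claims;
  try {
    claims = decodePayload(idToken);
  } catch {
    return { ok: false, reason: "malformed_id_token" };
  }
  if (!claims || claims.nonce !== expectedNonce) return { ok: false, reason: "nonce_mismatch" };
  return { ok: true, idToken, claims };
}
```

In a browser, the first function's result becomes the `src` of the hidden iframe and the second runs on the fragment the redirect page hands back to the SPA.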