Is the protocol for silently obtaining Access-Token
in SPA
while a user session in the Authorization Server (Auth0)
is still active - Triggers a call to get updated user claims/roles from whichever social connection/database the user authenticated with?
If not, how should I update the silently re-obtained Access-Token
from the Authorization Server
with the accurate claims/roles?
One can supply prompt=none
as a parameter in an authorization request sent a hidden iframe which will result in a new id_token
sent back in the authorization response if the SSO session at the Provider is still valid.