Clarification on AuthProvider Abstraction / How to Get New Access Token After Updating app_metadata

First forum post after toying around with Redwood for a couple of weeks…congrats to all on the amazing work! Using Redwood has been a pleasure so far.

Setup: Redwood auth provider with Auth0 set as identity service

General Scenario: Subscription SaaS sign up flow

Specific Scenario:

  • Auth0 actions add user roles to the JWT on login.
  • An authenticated, non-subscribing user ( {roles = ["user"]} ) completes a checkout session.
  • Their updated role (something like "subscriber_pro_plan") is sent to Auth0 via the Auth0 management API.
  • At this point, if the user were to log out and log back into the app they would receive a new JWT with both roles ( ["user", "subscriber_pro"] ). This is correct for their status. Redwood access controls correctly control their activity.

Problem

  • I don’t want a user to log out and back in again after completing subscription signup.

How can I get a refreshed access token after successfully updating their app_metadata?

The Auth0 docs say getTokenSilently({ ignoreCache: true }) is the correct way to secure a new token.

I can’t get this to work. The likely cause is because the Redwood Auth0 mapping does not contain an options param.

Simple enough, we could add or I could make a custom provider in the interim, but I’m not sure that’s the right approach. It feels like I’m missing something simple due to my lack of understanding of the auth provider abstraction.

  • Thoughts? Solutions? What am I missing here?
  • When using an auth provider, do we have access to all client methods (via auth0-spa-js) or only the mapped methods?

Hi @Entelechy! Pleasure to meet you.

I can’t answer about adding support for getting a new token, someone likely will after me :crossed_fingers:

This I can help with: You may access the client you initialized Redwood’s abstraction with through the client field, provided on the object returned by the useAuth hook:

const MyComp = () => {
  const { client } = useAuth()

  client.someMethodOnTheBaseClient()

  client.getTokenSilently(...) // idk, never used Auth0 personally
}

Documentation which talks about the useAuth API.

Source where the Auth0 provider passes the client.

Hope it helps! And welcome to the community!

1 Like

Thank you for the quick response! I’ll try this out.

2 Likes

Well… I’m still struggling with the auth provider abstraction. Essentially I need to pass arguments to getToken which does not accept anything. I tried Firebase with the same end result. This means I’m looking at making a custom auth provider.

Using the client library will execute the method but not override the initial token.

Posting here as an update and will post back if I sort a solution other than a modified version of the existing Firebase auth provider

Sorry to hear it’s still giving you problems.

So using the getTokenSilently using the client field works, but isn’t updating Redwood’s token - so your application still has the old user-data?

What about adding a call to reauthenticate (given by the useAuth hook) after getting the token? You may even be able to just use it, as I believe this is what’s used by the Auth0 client, just without the ignore cache argument.

1 Like

That seems to have worked! I thought I had explored reauthenticate but maybe not!

I’ll verify, clean this up & post an answer back here for future visitors.

1 Like
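
The sequence the thread arrives at (a cache-bypassing `getTokenSilently` on the underlying client, then Redwood's `reauthenticate`), written out as an added example that is not from any poster or from Redwood's own code. The claim name, the retry with backoff, and the helper names `rolesFromJwt`, `refreshUntilRole` and `fakeJwt` are assumptions made for illustration.

```javascript
// Added example; names marked "assumption" are not from the thread.
const ROLES_CLAIM = 'https://example.com/roles' // assumption: claim your Auth0 Action sets

// Read roles from a JWT payload WITHOUT verifying it. Good enough to decide
// when to refresh the UI; the API side must still verify the signature.
function rolesFromJwt(token, claim = ROLES_CLAIM) {
  const parts = String(token).split('.')
  if (parts.length !== 3) return [] // opaque or malformed token
  try {
    const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/')
    const padded = b64 + '='.repeat((4 - (b64.length % 4)) % 4)
    const roles = JSON.parse(atob(padded))[claim]
    return Array.isArray(roles) ? roles : []
  } catch {
    return []
  }
}

// auth = the object returned by Redwood's useAuth(): { client, reauthenticate }.
async function refreshUntilRole(auth, wantedRole, { attempts = 5, delayMs = 500 } = {}) {
  for (let i = 0; i < attempts; i++) {
    // Skip the SDK cache so Auth0 issues a token from the current app_metadata.
    const token = await auth.client.getTokenSilently({ ignoreCache: true })
    if (rolesFromJwt(token).includes(wantedRole)) {
      // As suggested in the thread: have Redwood re-run its auth check.
      await auth.reauthenticate()
      return true
    }
    // Assumption: the Management API update may lag the checkout; back off.
    if (i < attempts - 1) await new Promise((r) => setTimeout(r, delayMs * 2 ** i))
  }
  return false // caller can fall back to asking the user to log in again
}

// Constructed, unsigned sample token for trying the functions offline.
function fakeJwt(roles) {
  const body = btoa(JSON.stringify({ [ROLES_CLAIM]: roles }))
  return ['e30', body.replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, ''), 'x'].join('.')
}
```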