Real-time custom claims update for active users

[juanq4]

Hi there,

I'm seeking guidance on the best approach for the following scenario:

My application has both admin and client users. Admins can modify client custom claims through an admin panel. Some of these claims control access to certain application features. The challenge is how to automatically update a client's claims without requiring them to log out and back in, especially when an admin changes their claims while they're actively using the application.

Is there a recommended way to achieve this seamless claim update process? Any insights or suggestions would be greatly appreciated!

[dantheother]

I've not tried this, but there's some suggestions for how to do it with the underlying oidc-client-ts UserManger here authts/oidc-client-ts#1073

It's not real time or push based, but perhaps you could put that behind a button that the users could click. Better than getting users to logout and login again.

[pamapa]

Somebody started to allow this. See this MR: authts/oidc-client-ts#877. Unfortunately it stuck, but the main obstacle the library had at that time (merging claims) has been fixed since then, as such it should be quiet straight forward to implement a dedicated new function like refreshUserInfo in oidc-client-ts.