I have a .NET Core MVC and Web API application where users can access the API, secured with Azure AD, according to the role assigned to them. It works perfectly: once a user logs in and authenticates, they can access the API according to their role. But when there is a change in the role in Azure AD, the access token does not get the updated role; I have to log in again or wait 1 hour for the token to expire. How can I get a new access token with the updated roles whenever there is a change in the roles or permissions in Azure AD, without re-login or without waiting for the token expiration?
I have tried with a refresh token, but it is not working.
From an OAuth viewpoint, the scopes and claims are issued to access tokens at the time of authentication and consent. This delegation is often not updatable until the user re-authenticates.
If you decide to code a solution, the right place for the responsibility is probably for your API to operate on fresh information. E.g. it could look up the latest values from the OAuth user info endpoint, then cache them for a while, for future requests with the same access token.
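One way to implement the "operate on fresh information" approach in the API from the question, as an added example that is not part of the original answer: an ASP.NET Core `IClaimsTransformation` that, on each request, replaces the role claims carried by the bearer token with roles fetched from a lookup endpoint, and caches the result per access token (keyed by a hash of the token, bounded by both a short TTL and the token's own `exp`). The endpoint URL `https://example.invalid/api/me/roles` and its response shape (a JSON array of role names) are assumptions for the example; in a real deployment the lookup would target whatever your tenant exposes for current role assignments. It assumes .NET 6 or later.

```csharp
// Added example (not the original poster's or answerer's code).
// Assumes .NET 6+, and that AddJwtBearer(...) was configured with options.SaveToken = true
// so the raw access token is retrievable from the HttpContext.
using System;
using System.Collections.Generic;
using System.Globalization;
using System.Linq;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Net.Http.Json;
using System.Security.Claims;
using System.Security.Cryptography;
using System.Text;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Caching.Memory;

public sealed class FreshRolesClaimsTransformation : IClaimsTransformation
{
    // Hypothetical endpoint that returns the caller's current roles as a JSON array of strings.
    private static readonly Uri RoleLookupEndpoint = new("https://example.invalid/api/me/roles");

    // Upper bound on how long a revoked role stays usable against this API.
    private static readonly TimeSpan CacheTtl = TimeSpan.FromMinutes(2);

    private readonly IHttpClientFactory _httpClientFactory;
    private readonly IHttpContextAccessor _httpContextAccessor;
    private readonly IMemoryCache _cache;

    public FreshRolesClaimsTransformation(
        IHttpClientFactory httpClientFactory,
        IHttpContextAccessor httpContextAccessor,
        IMemoryCache cache)
    {
        _httpClientFactory = httpClientFactory;
        _httpContextAccessor = httpContextAccessor;
        _cache = cache;
    }

    public async Task<ClaimsPrincipal> TransformAsync(ClaimsPrincipal principal)
    {
        if (principal.Identity is not ClaimsIdentity identity || !identity.IsAuthenticated)
            return principal;

        var httpContext = _httpContextAccessor.HttpContext;
        if (httpContext is null)
            return principal;

        // The bearer token that authenticated this request (requires SaveToken = true).
        var accessToken = await httpContext.GetTokenAsync(JwtBearerDefaults.AuthenticationScheme, "access_token");
        if (string.IsNullOrEmpty(accessToken))
            return principal;

        // Key the cache by a hash so the token itself is never used as a cache key.
        var cacheKey = "roles:" + Convert.ToHexString(SHA256.HashData(Encoding.UTF8.GetBytes(accessToken)));

        var roles = await _cache.GetOrCreateAsync(cacheKey, async entry =>
        {
            // Never cache beyond the token's own expiry, even if the TTL is longer.
            var ttl = CacheTtl;
            var exp = identity.FindFirst("exp")?.Value;
            if (long.TryParse(exp, NumberStyles.Integer, CultureInfo.InvariantCulture, out var expSeconds))
            {
                var untilExpiry = DateTimeOffset.FromUnixTimeSeconds(expSeconds) - DateTimeOffset.UtcNow;
                if (untilExpiry < ttl) ttl = untilExpiry;
            }
            entry.AbsoluteExpirationRelativeToNow = ttl > TimeSpan.Zero ? ttl : TimeSpan.FromSeconds(1);
            return await FetchRolesAsync(accessToken);
        });

        // Lookup failed: keep the roles issued in the token rather than dropping to none.
        // This favours availability; fail closed here if stale roles are unacceptable.
        if (roles is null)
            return principal;

        // TransformAsync can run more than once per request, so always rebuild from the
        // token's non-role claims instead of appending to an already-transformed identity.
        var refreshed = new ClaimsIdentity(
            identity.Claims.Where(c => c.Type != identity.RoleClaimType),
            identity.AuthenticationType,
            identity.NameClaimType,
            identity.RoleClaimType);
        foreach (var role in roles)
            refreshed.AddClaim(new Claim(refreshed.RoleClaimType, role));

        return new ClaimsPrincipal(refreshed);
    }

    private async Task<IReadOnlyList<string>?> FetchRolesAsync(string accessToken)
    {
        var client = _httpClientFactory.CreateClient();
        using var request = new HttpRequestMessage(HttpMethod.Get, RoleLookupEndpoint);
        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
        using var response = await client.SendAsync(request);
        if (!response.IsSuccessStatusCode)
            return null;
        return await response.Content.ReadFromJsonAsync<List<string>>();
    }
}

// Registration in Program.cs (alongside the existing AddAuthentication/AddJwtBearer setup):
//   builder.Services.AddHttpContextAccessor();
//   builder.Services.AddMemoryCache();
//   builder.Services.AddHttpClient();
//   builder.Services.AddTransient<IClaimsTransformation, FreshRolesClaimsTransformation>();
```

Because the transformation runs before authorization, existing `[Authorize(Roles = "...")]` attributes and role-based policies see the refreshed roles without any change to controllers. The cache TTL is the revocation latency you accept; setting it to zero makes every request hit the lookup endpoint. One point to check when wiring the lookup: the OpenID Connect user info endpoint of the Microsoft identity platform returns profile claims (name, email, and so on), while app role assignments are read through Microsoft Graph, so the endpoint the transformation calls should be the one that actually reflects the role change you want to pick up.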