I'm seeing an issue where an expired role claim is not being refreshed on the frontend:

{reason: {message: 'expired', ageInSeconds: 7358.774, maxAgeInSeconds: 60},validatorId: "st-role"}

. It seems to be what was described in https://community.supertokens.com/t/2912951/hello-im-following-the-new-docs-on-how-to-implement-role-bas , but I'm on a recent version of the SDKs. Is there something else I need to do to cause expired claims to be refreshed?

hey @lunis the roles claims doesn't refresh from the frontend cause we don't have any API exposed on the backend sdk that will refresh the roles (yet). Therefore, for the frontend, don't add any maxAgeInSeconds for the roles. But you can do this for the backend claim validators for user roles.

is there a way to refresh manually on the frontend? Our backend doesn't depend on supertokens and just verifes the jwt

yea. You can make an API on the backend which does session verification and runs

session.fetchAndSetClaim(UserRoleClaim)

and then returns a success response. Then on the frontend, you can create your own claim similar to https://github.com/supertokens/supertokens-web-js/blob/master/lib/ts/recipe/userroles/userRoleClaim.ts#L17, and in the refresh function, just call your API

would it work to use attemptRefreshingSession from "supertokens-auth-react/recipe/session" if there are expired claims?

it won't

okay I'll add a backend api then

session refreshing only refreshes the session and not the custom claims