Hi. We released a new feature for uor users and they need a certain role to use it. We have added the role to all the required users but they are already logged in and so they token does not include the new role. Is there a way to force a token a refresh on the frontend?

hey @bteres yes, you can make an API on the backend which will do: - verifySession - from the resulting session object, do

await session.setAndFetchClaim(UserRoles.UserRolesClaim)

- return a successful 200 response Then on the frontend, you can call this API on every page load for example. This will basically make the session token update the role claim everytime the user loads a page

OK. What is the default refresh time if the session is idle? If I revoke the tokens how long will it take before they will need to relogin?

default is 1 hour

OK.

yea -> revoke all sessions on the backend -> on the frontend, call attemptRefreshingToken on page load.

How to revoke all sessions on the backend?

1 hour is configureable, but thta won't change the current access token lifetimes

I know. But for future.

> How to revoke all sessions on the backend? Loop through all users -> call Session.revokeAllSessionForUserId on each user id

Thanks.