Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

Hey guys, we're using an oauth authorization code flow to authorise our `next.js` application with `email` as one of the scopes. On our settings page we allow our users to update their email using Ory Client. After they change their email however, the email we have obtained during the oauth login will now not match the new one Ory has. I assume the same is true for other scopes.

We have tried to trigger a token refresh, but the `scopes` we get back don't seem to have been updated? Is there some configuration we need to do to make this happen?

If the user does an ODIC logout then and logs in via the oauth flow again we see the scopes are updated and we get the correct email.  But we'd rather not have to log a user out any time they update their email or we some other updated scope?

Thanks!