I am asking if there is any way to trigger a refresh of a perspective session such that auth.user has the latest changes in the user database?
For the most case, user info is static. Although, at times a user may gain or lose a role within a session and I’d like to have the auth.user.roles to reflect the latest state without having the user to logout and log back in.
If this is not a possibility, having the user log out and log back in is a valid approach. I would prefer having the ability to refresh particular session properties on the fly, however.
Ignition does not currently have this capability. I have added a new feature ticket to our backlog to add an option to the login and logout action / scripting function in Perspective. This option would allow you to specify if you want to force redirection to the IdP even if you are already logged in. Currently, if you are already logged into your Perspective session, Perspective will not redirect to the IdP for authentication since the user is already authenticated. If we allow for the option to force redirection to the IdP, it gives Perspective a chance to get any updated user profile / role information from the IdP.
For now, you would have to logout and then log back in to get the updates roles.
Thanks for the response Joel, this makes absolute sense to me. I was hoping that there was not an obscure way to do what I was asking as I couldn’t find anything throughout the Session documentation mentioning anything about this sort of functionality.
I like the idea of having a method to redirect to the identity provider, although I have a question of how different this redirect be as compared to the logout/login event actions.
I’ll approach the problem by prompting the user to logout and log back in as the way to get the most up-to-date user information in the session.
To the end user, invoking login with this new option would make it so that their page would redirect to the IdP to re-authenticate. In most cases, if the user is already logged into the IdP in the same browser session, they will not need to re-enter credentials, and they will be immediately redirected back to the page they were on in Perspective, except their session will be updated with the latest roles from the IdP. In most cases, this would happen so fast, it would look like the Perspective page just refreshed in the browser.