Replying to @aaronpk @mraible
Nice write up! Question: if an authenticated user gets a new/extra role, does the server create a new JWT or is there a way to update the existing token?
4
The answer is it depends on how your access tokens / hotel key cards are implemented!