Nice write up! Question: if an authenticated user gets a new/extra role, does the server create a new JWT or is there a way to update the existing token?
4
Replying to @Stephan007 @mraible
if your access tokens are just a reference to a record in a database (the hotel key is just a number, and the doors look up access info in a central server), then you can update the roles in the existing token.

Jun 6, 2019 · 7:13 PM UTC