Open nombrekeff opened 3 years ago
@nombrekeff I've found this article which is interesting related to this question. In the comments there is a useful discussion about this. https://dev.to/sebastiandg7/how-do-you-handle-role-permissions-updates-with-jwt-3778 One of the options could be that when you get an unauthorized response logout the user, then he has to login again and get new permissions, or we could implement refresh token and you could refresh token silently... the hard way is to change the jwt key but this would invalidate all tokens xD
Yup, the first idea we had was to just invalidate the token, and logout the user. But I thought this would become old really fast, and spoke with Lluis and he was going to think about this.
@santoslluis Have you thought something about this?
We need a way of invalidating tokens when permission changes.
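As an added example (not code from this project or from the linked article), here is one way to get the invalidation asked for above without forcing a logout or rotating the signing key for everyone: every token carries the permissions version it was issued under, the server keeps the current version per user, and a token whose version no longer matches is rejected, so the client can fall back to its normal refresh or re-login path. The claim name `pv`, the in-memory `perms_versions` store and the hand-rolled HS256 signing (standard library only, no JWT package) are assumptions made for this example; key rotation is also shown, since that is the "invalidate everything" case mentioned in the thread.

```python
import base64
import hashlib
import hmac
import json
import time

# Hypothetical claim name carrying the user's permissions version; any name works
# as long as issuer and verifier agree on it.
PERMS_VERSION_CLAIM = "pv"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_token(key, sub, perms_version, ttl=3600, now=None):
    """Issue an HS256 JWT whose payload records the permissions version it was issued under."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"sub": sub, PERMS_VERSION_CLAIM: perms_version, "iat": now, "exp": now + ttl}
    signing_input = ".".join(
        _b64url(json.dumps(part, separators=(",", ":")).encode()) for part in (header, payload)
    )
    signature = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(signature)


def check_token(key, token, perms_versions, now=None):
    """Return "ok" if the token is well formed, correctly signed, unexpired and still
    matches the user's current permissions version; otherwise a short rejection reason."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return "malformed"
    head_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(_b64url_decode(head_b64))
        payload = json.loads(_b64url_decode(payload_b64))
        signature = _b64url_decode(sig_b64)
    except (ValueError, UnicodeDecodeError):
        return "malformed"
    # Pin the algorithm: never let the token choose how it is verified.
    if header.get("alg") != "HS256":
        return "unexpected alg"
    expected = hmac.new(key, f"{head_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        return "bad signature"
    if not isinstance(payload.get("exp"), int) or payload["exp"] <= now:
        return "expired"
    # The server-side version is the source of truth: a token minted under an
    # older version is rejected even though its signature and expiry are fine.
    current = perms_versions.get(payload.get("sub"))
    if current is None or payload.get(PERMS_VERSION_CLAIM) != current:
        return "permissions changed"
    return "ok"


def change_permissions(perms_versions, sub):
    """Called wherever the app updates a user's roles: bumping the version makes
    every token issued before the change fail check_token()."""
    perms_versions[sub] = perms_versions.get(sub, 0) + 1
    return perms_versions[sub]


if __name__ == "__main__":
    store = {"alice": 1}                 # constructed: per-user permissions version
    key = b"constructed-signing-key"     # constructed: current HS256 key
    token = mint_token(key, "alice", store["alice"])
    print(check_token(key, token, store))                   # ok
    change_permissions(store, "alice")
    print(check_token(key, token, store))                   # permissions changed
    fresh = mint_token(key, "alice", store["alice"])
    print(check_token(b"rotated-key", fresh, store))        # bad signature (key rotation)
```

The version lookup costs one read per request, which is the trade-off against a fully stateless JWT; it only has to be bumped when roles actually change, so it is far cheaper than a per-token blacklist, and a client that receives "permissions changed" can transparently refresh or re-authenticate rather than being logged out on every update.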