dennislobster closed 2 months ago
We are using JWT for authorization/authentication. This means that when we remove a user from an org, the user's token is intact; therefore they will have all the access that they used to have. This will last 5 minutes at most: this token will expire, and after the refresh they won't have access to that org any more.
I was able to invite dennis.kreeft@faire.com to my org (parent: dennis.kreeft@hotmail.com) and did the following: