dannymandel
commented
1 week ago On reviewing some of the other export bits, I think we need more than this, actually. In the export service, we record the orcid of the user that initiated the download, and that code reads that out of the JWT. We'll need to change that code as well, to do a lookup against the user info service in case a token is used.
Access tokens are long lived, JWT aren't.