
Updating Auth0 JWT without invalidating sessions


I have an app using Auth0, made with ReactJS and NodeJS. Things are working fine for the most part.

The design is such that we decorate each request with an admin flag, and I have the Auth0 profile encoded in my JWT token.

This way I can do things like:

  server.route({
    method: 'POST',
    url: '/.../...',
    preValidation: server.authenticate,   // verifies the JWT and sets req.user from its claims
    handler: async (req, res) => {
      const { user } = req;               // the Auth0 profile as encoded in the token
      if (!user['admin']) {               // admin flag read from the token, not from a DB lookup
        ...
      }
      ...
    }
  });

I am happy with this approach, except for one problem that I have not resolved: how to deal with a request from the user to update their own profile. After the profile is updated, the JWT stays the same and has outdated profile information.

Can anything be done about this, short of logging users out on each profile update? Is there a way to update the JWT without ending the session?


Solution

  • Based on my research, the solution is to:

    Repeat the login automatically after each profile update, or notify the end user and let them choose whether they want to repeat the login.