
I have a situation where I need to reset/update the security context, maybe the JWT. My project is microservice-based: Spring Cloud/OAuth2/Zuul…. The case is that the user's email is stored in the JWT at login. The email can be edited by one service, say the identity provider; but another service (notification) needs to send the user an email, which must go to the newly updated one. The problem is that notification can only rely on the security context (details) email, which is out of date.

I am thinking:

1. once the identity service has finished updating the email, it regenerates the JWT
2. then, all services need to extract/reset the security context

Any solution, hint, or comment? Thanks

  • Why not expire the JWT token once the user has updated the email, so that it forces the user to log in again... if the user never logs in again, there is no need to reset the security context anyway. – bob tang Mar 13 '20 at 05:36
  • Thanks Bob for your input. I almost said the same thing to the business people: "this is a critical change, please input your password again" (sure, behind the scenes it is kick out/log in again). But they are unhappy. – tao.wang.pro Mar 13 '20 at 18:15

0 Answers