I am wondering about some strategies regarding a particular issue I am facing. Let’s imagine that there’s an authentication system implemented using JWT.
Users sign in, and they get a token which has the following payload:
{ username: 'John', email: 'john@example.com', photo: null }
(the payload is generated based on a database query, say SELECT * FROM user WHERE id = 1)
When (and only when) the user is logged in, they can upload an image. The image gets stored somewhere, the user entry is updated in the database.
The problem I am facing is that now they need to log out and log back in again to see the profile photo updated, since the profile information is displayed based on the token payload, which will still not contain the photo. The next time they log in, of course, it'll be updated:
{ username: 'John', email: 'john@example.com', photo: 'john-img.jpg' }
So the question is - how to handle the situation when the profile data is shown from a token, there's a file upload procedure, and I wish to display the image?
I know that the client shouldn’t (and cannot) update the token, because that will automatically cause the token to be invalidated.
Are there any strategies out there that are acceptable? Should I rethink the logic of doing file uploads while logged in? Should this not be tied to a JWT? Should the profile page not be built up from the token?
And as a last question - kinda off topic - is there a guide regarding what a JWT could/should contain?