JWT and Uploading Images


I am wondering about some strategies regarding a particular issue I am facing. Let’s imagine that there’s an authentication system implemented using JWT.

Users sign-in, they get a token which has the following payload:

{ username: 'John', email: 'john@example.com', photo: null }

(they payload is generated based on a database query, say SELECT * FROM user WHERE id = 1 )

When (and only when) the user is logged in, they can upload an image. The image gets stored somewhere, the user entry is updated in the database.

The problem I am facing is that now they need to login and log-back in again to see the profile photo updated since the profile information is displayed based on the token payload which will still not contain the photo . The next time they login of course it’ll be updated:

{ username: 'John', email: 'john@example.com', photo: 'john-img.jpg' }

So the question is - how to handle the situation when the profile data is show from a token and there’s a file upload procedure and I wish to display the image?

I know that the client shouldn’t (and cannot) update the token, because that will automatically cause the token to be invalidated.

Are there any strategies out there that are acceptable? Should I rethink the logic of doing file uploads while logged in? Should this not be tied to a JWT? Should the profile page not be built up from the token?

And as a lost question - kinda off topic - is there a guide regarding what a JWT could/should contain?