Revoking tokens as a result of a role assignment was simply overkill. I don't think we need to revoke any tokens, and we can instead place the burden on the user to figure out that they should re-authenticate to take advantage of recent role assignments.
Revoking tokens as a result of a role assignment was simply overkill. I don't think we need to revoke any tokens, and we can instead place the burden on the user to figure out that they should re-authenticate to take advantage of recent role assignments.