Hello,
I am using Directus for a site where users can log in. When I change a user’s role from one with lots of permissions to one with fewer permissions, it seems the user can still do everything from their previous role with their access token until they log out and back in again and get a fresh access token.
Firstly, I was wondering: Is this intended behavior? It’s a huge security concern after all!
Secondly, is there any workaround to solve this? Can I force a user to acquire a new token for example?