Description

Currently, once a JWT is issued for global registration, there is no clear mechanism for invalidating the token if it becomes compromised or if it is no longer needed. This can potentially expose the system to security vulnerabilities and misuse. We need to implement invalidating JWT tokens manually. 

Scope

• The users with the “Edit Users” permissions can invalidate ALL JWT token for other users.

• A user can invalidate self's token
• Conventionally, Admin can invalidate self’s and other users tokens

Out of the scope

• Managing JWTs and storing them in the database.
• Invalidate one/few JWT(s) of a single/all user(s).
• View JWT for user as it is not stored or managed.

Refinement Doc: https://docs.google.com/document/d/1B8oiswj7Fl8FqSSsD6pZhLQ0Ky5D6S6acHuIrrQ6mZ8/edit