Considering using App Services Auth for my application, but I’m not sure I get the following paragraph in the docs:
Atlas App Services does not dynamically update a user’s custom data if the underlying document changes. Instead, Atlas App Services fetches a new copy of the data whenever a user refreshes their access token, such as when they log in. This may mean that the custom data won’t immediately reflect changes, e.g. updates from an authentication Trigger. If the token is not refreshed, App Services waits 30 minutes and then refreshes it on the next call to the backend, so custom user data could be stale for up to 30 minutes plus the time until the next SDK call to the backend occurs.
Well, I do understand what is says, but I don’t understand how practically going to be handled, especially when it comes to functions and security rules.`
Let’s say I manage my user’s custom data in a “users” collection.
Say I have role fields for editing a blog post (“viewer” / “moderator”). I use this role to determine critical write/read rules.
If I update the user to be a “moderator” - it means they will be able to edit the spoken blog post only with in 30 minutes / next token refresh considering I have a security rule which based on that field?
From product perspective, it’s a deal breaker.
Do I understand the docs correctly and that’s really the case?