Custom JWT authentication - outdated user context

Hello,

I have an app setup with custom jwt authentication. When a user logs in, I add the scope and permissions included in the token to the user metadata fields.

The app has a webhook, that when called checks the context.user metadata fields and does some checks before sending back the response. This webhook has activated the option to create a user upon authentication.

The problem is that I have to call the webhook multiple times, with jwt that have different scopes. The app user is updated with the new scope, but the webhook will run using the outdated user context.

Steps to reproduce:

    • Call the webhook with a jwtTokenString that has the scope app1
    • Realm custom jwt authentication validates the jwt and creates a new app user with the jwt details, including setting a metadata field scope=app1
    • The webhook completes using the context.user data
    • Call same webhook, this time with a jwtTokenString with the same details as the previous one, but this time with a different scope app2
    • Realm custom jwt authentication validates the jwt and recognizes the user already exists, so it just updates it to have scope=‘app2’
    • The webhook runs, but the context.user.scope is still app1, not app2
    • Call same webhook again, same jwtToken as in step 2
    • Realm custom jwt authentication validates the jwt and recognizes the user already exists,
    • The webhook runs, using the correct scope= app2

Is there any way I can run the webhook function with the updated user context data?

Thanks