Prevent JWT Authentication from updating LMS User Data

2019-05-24 12:24:05 -04:00
parent 3539f03a20
commit 1ebecef5ed
1 changed files with 6 additions and 0 deletions
--- a/lms/envs/common.py
+++ b/lms/envs/common.py
@@ -3184,6 +3184,12 @@ JWT_AUTH = {
    'JWT_AUDIENCE': 'change-me',
 }

+EDX_DRF_EXTENSIONS = {
+    # Set this value to an empty dict in order to prevent automatically updating
+    # user data from values in (possibly stale) JWTs.
+    'JWT_PAYLOAD_USER_ATTRIBUTE_MAPPING': {},
+}
+
 ################################ Settings for Microsites ################################

 ### Select an implementation for the microsite backend