From 1ebecef5ed6e3a3cbf39203216178674ddc1d8f2 Mon Sep 17 00:00:00 2001
From: Nimisha Asthagiri
Date: Fri, 24 May 2019 12:24:05 -0400
Subject: [PATCH] Prevent JWT Authentication from updating LMS User Data
---
 lms/envs/common.py | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/lms/envs/common.py b/lms/envs/common.py
index 48e5603c99..782908fdd8 100644
--- a/lms/envs/common.py
+++ b/lms/envs/common.py
@@ -3184,6 +3184,12 @@ JWT_AUTH = {
 'JWT_AUDIENCE': 'change-me',
 }
+EDX_DRF_EXTENSIONS = {
+ # Set this value to an empty dict in order to prevent automatically updating
+ # user data from values in (possibly stale) JWTs.
+ 'JWT_PAYLOAD_USER_ATTRIBUTE_MAPPING': {},
+}
+
 ################################ Settings for Microsites ################################
 ### Select an implementation for the microsite backend
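Review bot: The new `EDX_DRF_EXTENSIONS` block in lms/envs/common.py protects user records only while no later settings layer replaces the whole dict. An environment override that sets `EDX_DRF_EXTENSIONS` without `'JWT_PAYLOAD_USER_ATTRIBUTE_MAPPING': {}` would presumably fall back to the library's default mapping and re-enable the update, with nothing in this file showing it. The comment should state the invariant rather than the instruction, for example `# The LMS is the system of record for user data; keep this mapping empty so claims in a (possibly stale) JWT never overwrite user attributes.` followed by `# Any override of EDX_DRF_EXTENSIONS must carry this key, or the library default mapping applies again.` Only this one file changes in the patch, so it is worth confirming that every other settings module authenticating JWTs against the same user table inherits this value.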