Question about logout

[rjpalermo1]

First thank you for your time and effort, this is helping me a lot. So what I get is your Authenticate libraries orchestrate. Took me a little time to figure out the workflow but I got it now. What was/is puzzling me is the authenticate-service and how that would look like in say an actual external service. I assume the authentic-service receives a jwt from client then communicates with the authentic-server to access the rsa-private.pem and decrypt the token.

Is this correct?

If so, I assume I can attach a lot of other info in this jwt the client receives like roles (I think it's called scope?) and act on it in my external service.

Is it possible to associate more than email and password when a user registers through the authentic-server? For example, when a user registers to associate other info like normal user profile first name/last name stuff...

Also, I noticed as I was trying this out that after logout the key is destroyed on the client but I can still access the service after using the same key. Is there something I can do on client logout to also restrict that key from being used again on the service?

Thanks again for all you've done David...