Let JWT (API-key) store more user information. (Update auth.py)
Also check if the user info in the login() function has been updated. If the name, username ('preferred_username'), given_name, family_name or email attributes are changed, the database is updated and API key is regenerated.
API-key can also be checked when it has expired (check "exp"), , but I keep it as it was.