How should JWT be designed in a multi-center SaaS system where one account can belong to multiple centers?

[InternJava]

current design
token payload
switching center
security concerns

[hoandevv]

1. Separate Identity from Context

When user logs in:

They authenticate as an account
System returns:
access_token (JWT)
refresh_token
list of centers they belong to

👉 Important: JWT should represent one selected center at a time, not all.