Tokens issued before 'id' was added to the JWT payload pass signature
verification but cause a KeyError when endpoints access user['id'].
verify_token() now returns None for any token missing id/username/role,
triggering a 401 → the frontend interceptor clears localStorage and
redirects to /login so a fresh token is issued automatically.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Nirodan
ac31290a87