talove | 4 years ago
I disagree with the main thesis for why JWT is a problem. JWT isn't necessarily encouraging you not to hit the DB for user lookup. This is the claim the article makes as a problem with revocation.
It reads like a really long thoughtful article based entirely on false assumptions for how to best use it.
It's ok to carry around some encrypted state in your tokens for some use cases.