
jmartrican | 1 year ago

I worked on a backend team that introduced JWT before I got there. The problem we had with JWT was that the data was stale. Even if it wasn't stale, it needed to be treated as stale because every service wanted the up-to-date data; even within 1 sec, that data is old. The user could have changed something in their account since the time the JWT was issued. I removed JWT and went back to the old UUIDs as tokens.
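The staleness the comment describes, as an added example that is not part of the original post: a signed JWT keeps returning the role it was issued with, while an opaque UUID token is resolved against the current account record on every request. The key, the user store and all function names are constructed for illustration, and HS256 is built from the standard library here rather than a JWT package.

```python
import base64, hashlib, hmac, json, time, uuid

SECRET = b"constructed-demo-key"      # constructed value, demo only
USERS = {"u1": {"role": "admin"}}     # constructed account store
SESSIONS = {}                         # opaque token -> user id (server side)

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(header: str, body: str) -> bytes:
    return hmac.new(SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()

def issue_jwt(user_id: str, ttl: int = 300) -> str:
    """Snapshot the account state into a signed HS256 token."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"sub": user_id, "role": USERS[user_id]["role"],
              "exp": int(time.time()) + ttl}
    body = _b64(json.dumps(claims).encode())
    return f"{header}.{body}.{_b64(_sign(header, body))}"

def verify_jwt(token: str) -> dict:
    """Check signature and expiry only; the account store is never read."""
    header, body, sig = token.split(".")
    if not hmac.compare_digest(_sign(header, body), _unb64(sig)):
        raise ValueError("bad signature")
    claims = json.loads(_unb64(body))
    if claims["exp"] < time.time():
        raise ValueError("expired")
    return claims

def issue_opaque(user_id: str) -> str:
    token = str(uuid.uuid4())         # random identifier, carries no data
    SESSIONS[token] = user_id
    return token

def resolve_opaque(token: str) -> dict:
    """Look the token up, then read the account as it is right now."""
    if token not in SESSIONS:
        raise ValueError("unknown token")
    return dict(USERS[SESSIONS[token]])

def demo() -> tuple:
    jwt_token, opaque = issue_jwt("u1"), issue_opaque("u1")
    USERS["u1"]["role"] = "viewer"    # account changes after issuance
    return verify_jwt(jwt_token)["role"], resolve_opaque(opaque)["role"]
```

The JWT still verifies after the role change, so a service that trusts its claims sees the old role until `exp`; the opaque token costs one lookup per request and returns the current value.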
