JSON Web Tokens (JWT) are often used in stateless authentication flows. Thanks to the signature, the server does not need anything else to verify the token validity. The scope claim (RFC8693 section 4.2) contains a space-separated list of scopes associated with the token. The server can use it to check the application permissions. Although this claim can quickly become heavy. The more scopes you have, the bigger your token is! But JWT are meant to be a compact token format… Today I’m prou...
