I finally felt compelled to write this after reading a little tidbit from a blog posted on Hacker News containing this perennial piece of technoFUD:

"One of the downsides with JWTs is that banning users or adding/removing roles is a little harder if you need the action to be immediate. … Since the token is stored client side, there is no way to directly invalidate the token even if you mark the user as disabled in your database. Rather, you must wait until it expires."

Are you sure about that,...