Shipping production software requires a lot of housekeeping; so much so that many developers mentally block out just how much time a day they spend endlessly shepherding their work through the release lifecycle. Does the pull request have merge conflicts? Are tests passing? Is the linter happy? Is some other automated check failing? Most of these failures require intervention; whether it’s a finicky spec failing in a test suite or something more serious like a merge conflict.

I finally felt compelled to write this after reading a little tidbit from a blog posted on Hacker News containing this perennial piece of technoFUD One of the downsides with JWTs is that banning users or adding/removing roles is a little harder if you need the action to be immediate. … Since the token is stored client side, there is no way to directly invalidate the token even if you mark the user as disabled in your database.