Ask HN: Do you store permissions in a JWT?
If you store your permissions in your JWT, how do you handle changing permissions?
Is the overhead of a database query for permissions worth the security gain of being able to change permissions instantly? (i.e., use JWT for authentication, check permissions for authorization on each request)
What is the general consensus these days on handling permissions WRT JWTs?
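The two options the question contrasts, as an added example that is not part of the original post: a permissions snapshot embedded in the token stays valid until `exp`, while a per-request lookup reflects a change immediately. The key, the `PERMS_DB` dictionary standing in for a permissions table, and all function names are constructed for illustration.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"          # constructed key, demo only
PERMS_DB = {"alice": {"read", "write"}}   # constructed stand-in for the permissions table

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(head: str, body: str) -> bytes:
    return hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()

def issue(sub, ttl=900, embed_perms=False, now=None):
    """Issue an HS256 JWT; optionally snapshot permissions into the claims."""
    now = int(time.time()) if now is None else now
    claims = {"sub": sub, "exp": now + ttl}
    if embed_perms:
        claims["perms"] = sorted(PERMS_DB.get(sub, ()))
    head = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64e(json.dumps(claims).encode())
    return f"{head}.{body}.{b64e(sign(head, body))}"

def verify(token, now=None):
    """Return the claims if algorithm, signature and expiry check out, else None."""
    now = int(time.time()) if now is None else now
    try:
        head, body, sig = token.split(".")
        if json.loads(b64d(head)).get("alg") != "HS256":
            return None                   # pin the algorithm, never trust the header
        if not hmac.compare_digest(sign(head, body), b64d(sig)):
            return None
        claims = json.loads(b64d(body))
        return claims if claims.get("exp", 0) > now else None
    except (ValueError, AttributeError, TypeError):
        return None

def allowed_from_token(token, perm, now=None):
    """Option A: trust the permissions snapshot inside the token (no DB hit)."""
    claims = verify(token, now)
    return bool(claims) and perm in claims.get("perms", [])

def allowed_from_db(token, perm, now=None):
    """Option B: token proves identity only; permissions are looked up per request."""
    claims = verify(token, now)
    return bool(claims) and perm in PERMS_DB.get(claims.get("sub"), set())
```

With option A, the window during which a removed permission is still honoured is bounded by the token lifetime (`ttl`), which is the knob that trades query overhead against revocation delay.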