Too Long; Didn't Read
JWTs are the most common way of proving identity information to APIs. The more fine-grained your permissions are, the more the size of the token itself grows. Don’t store huge data objects into JWT, and don't overload the JWT. The next version of Webiny Security layer is introducing a new version of JWT to avoid this problem. It’s more important with the actual JWT rather than the actual authentication/authorization logic within your app.