
bastawhiz, today at 9:47 PM

One of the linked posts explaining why you shouldn't use JWTs is bizarre at best:

https://paragonie.com/blog/2017/03/jwt-json-web-tokens-is-ba...

It boils down to "there were bugs in some of the libraries" and then goes on to recommend you...pull in libsodium and do it yourself??? This is ludicrous advice that I simply can't take seriously. All software has bugs. The whole Internet lost its shit with Heartbleed, but we still use TLS and OpenSSL.

> The JWT specification is specifically designed only for very short-live tokens (~5 minute or less).

I've never heard this before and can't find any evidence to back this claim up. RFC 7519 doesn't make any such claim.