The only issue with this is that you can’t revoke them by default. In order to do that, you can store a custom ID in the JWT, and also in your db. During JWT verification, you can check if that custom ID still exists in the db.