JWT auth is one of those things that’s easy to get working… and just as easy to get subtly wrong. I tried to break down the full flow and the trade-offs a bit more clearly here. Would love feedback / how others are doing it 👇