Hacker News
by ORioN63 1821 days ago
Refresh tokens are the real alternative, IMO.

I kinda agree it looks like an ad for redis, since it doesn't even consider alternatives.

2 comments

Hasura [0] has a great article on how to make front end authentication as secure as possible.

[0] - https://hasura.io/blog/best-practices-of-using-jwt-with-grap...

Agreed. Long(er) lived refresh tokens, and then having signed access tokens such as JWTs so that the API server doesn't have to hit the database on every request.