by 1penny42cents
759 days ago
It’s a great analysis but I think it’s too either-or. If you have a monolith anyways then yes, why use a distributed systems solution like JWT? Completely agree. But if you already have an auth service, making it optional for the majority of requests is a distributed systems win. Even if you need to implement forced logout or some other features which require hitting the auth database, they can be optional requests. If the auth service is available, you get better security, otherwise the services can decide whether to continue or not. This is better than your entire app going down or slowing down with the auth service. Though the refresh token bit is still a challenge, it’s a smaller one than a hard dependency on the auth service on every request. Again, if your auth service is just a component in your monolith, the author is completely right. It’s context-specific.
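The pattern the comment above describes, as an added example that is not part of the original comment: each service verifies the JWT locally on every request and treats the revocation lookup against the auth service as best-effort, with a per-service policy for what happens when that service is down. The key, the `is_revoked` callback, the `AuthServiceDown` exception and the result strings are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

KEY = b"constructed-demo-key"  # constructed sample secret shared with the issuer

class AuthServiceDown(Exception):
    """Raised by the (hypothetical) revocation lookup when the auth service is unreachable."""

def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=")

def _mac(body):
    return _b64(hmac.new(KEY, body, hashlib.sha256).digest())

def sign(claims):
    """Issue an HS256 JWT (what the auth service would do at login)."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = header + b"." + _b64(json.dumps(claims).encode())
    return body + b"." + _mac(body)

def verify_local(token, now):
    """Signature and expiry check only; no network call. Returns claims or None."""
    try:
        body, sig = token.rsplit(b".", 1)
        if not hmac.compare_digest(_mac(body), sig):
            return None
        payload = body.split(b".")[1]
        claims = json.loads(base64.urlsafe_b64decode(payload + b"=" * (-len(payload) % 4)))
    except (ValueError, IndexError):
        return None
    return claims if claims.get("exp", 0) > now else None

def authorize(token, is_revoked, fail_open, now=None):
    """Local check is mandatory; the revocation lookup is best-effort."""
    claims = verify_local(token, time.time() if now is None else now)
    if claims is None:
        return "deny:invalid"
    try:
        if is_revoked(claims.get("jti")):
            return "deny:revoked"      # forced logout took effect
        return "allow"
    except AuthServiceDown:
        # Per-service policy: low-risk reads may continue, sensitive ones stop.
        return "allow:unchecked" if fail_open else "deny:unavailable"
```

With `fail_open=True`, a revoked token stays usable until its `exp` whenever the auth service is unreachable, so short token lifetimes bound that window.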