Should I use JWTs for authentication tokens?

[nosefrog]

And hope your service hasn't been restarted so it doesn't lose the in-memory revocation list?

[beeboobaa3]

Just populate the cache when you need it? You will need a database round trip for the first request per user per application restart, if they haven't reset since. I assumed this was obvious.

[nosefrog]

Oh, I didn't realize that the design also has a database of revocations. In that case, you can just query that directly :P

[beeboobaa3]

You'll want to store your user credentials that they traded for a JWT somewhere. The point of using JWTs is that most of your requests don't have to hit this database.