After reading that article a while back it wasn't really clear to me why JWTs are necessarily a bad choice for authentication, aside from the issue of invalidating stateless tokens.
The main argument seems to be vulnerability to attacker supplied JS (when kept in local storage). But if you're targeted by a supply chain attack, I assume you have a lot more to worry about than token exfiltration.
The complaint about lack of battle-tested JWT implementations seems outdated as well.
JWT isn't particularly useful for the smaller scale either: http://cryto.net/~joepie91/blog/2016/06/13/stop-using-jwt-fo...