Sep 24, 2024
Great read! These are definitely key issues to consider when using JWT for authentication.
That said, platforms like Auth0 provide built-in solutions to address many of the challenges you mentioned. For example, Auth0 reduces token size by including only essential information like the user ID. It also provides refresh tokens and allows for token blacklisting to ensure users are logged out properly or when their roles change.
You can read more about it here: https://auth0.com/docs/secure/tokens/json-web-tokens
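The comment above mentions three mitigations (minimal claims, short-lived tokens plus refresh, and a blacklist so logout or a role change actually takes effect). The following is an added, self-contained illustration of those ideas and is not code from the comment author, from the article, or from Auth0: it issues a minimal HS256 JWT using only the Python standard library, verifies it with a pinned algorithm and constant-time signature comparison, and revokes it through an in-memory denylist keyed by `jti` that prunes itself once the token would have expired anyway. The signing key, the claim set, and the `Denylist`/`inspect_token` helpers are assumptions made for the example; a real deployment would load the key from a secret store and back the denylist with shared storage such as Redis.

```python
import base64
import hashlib
import hmac
import json
import time
import uuid
from typing import Dict, Optional

# Constructed demo key; a real service loads its signing key from a secret store.
SECRET = b"demo-signing-key-not-for-production"
ALG = "HS256"  # the only algorithm this verifier will ever accept


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(signing_input: str) -> str:
    return _b64url(hmac.new(SECRET, signing_input.encode("ascii"), hashlib.sha256).digest())


def issue_token(user_id: str, ttl_seconds: int, now: Optional[int] = None) -> str:
    """Issue a minimal JWT: only sub, iat, exp and a unique jti are included."""
    now = int(time.time()) if now is None else now
    header = {"alg": ALG, "typ": "JWT"}
    payload = {"sub": user_id, "iat": now, "exp": now + ttl_seconds, "jti": uuid.uuid4().hex}
    signing_input = ".".join(
        _b64url(json.dumps(part, separators=(",", ":")).encode()) for part in (header, payload)
    )
    return signing_input + "." + _sign(signing_input)


class Denylist:
    """In-memory denylist keyed by jti; entries are dropped once the token has expired anyway."""

    def __init__(self) -> None:
        self._revoked: Dict[str, int] = {}

    def revoke(self, jti: str, exp: int) -> None:
        self._revoked[jti] = exp

    def is_revoked(self, jti: str, now: int) -> bool:
        # Prune expired entries so the list stays bounded by the access-token TTL.
        for key in [k for k, exp in self._revoked.items() if exp <= now]:
            del self._revoked[key]
        return jti in self._revoked


class TokenError(Exception):
    pass


def verify_token(token: str, denylist: Denylist, now: Optional[int] = None) -> dict:
    """Return the payload if algorithm, signature, expiry and denylist checks all pass."""
    now = int(time.time()) if now is None else now
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        payload = json.loads(_b64url_decode(payload_b64))
    except ValueError:  # covers bad base64, bad JSON and a wrong number of segments
        raise TokenError("malformed token")
    # Pin the algorithm: the token's own header must never choose how it is verified.
    if header.get("alg") != ALG:
        raise TokenError("unexpected algorithm")
    if not hmac.compare_digest(_sign(header_b64 + "." + payload_b64), sig_b64):
        raise TokenError("bad signature")
    if not isinstance(payload.get("exp"), int) or payload["exp"] <= now:
        raise TokenError("expired")
    if "jti" not in payload or denylist.is_revoked(payload["jti"], now):
        raise TokenError("revoked")
    return payload


def logout(token: str, denylist: Denylist, now: Optional[int] = None) -> None:
    """Server-side logout: remember the token's jti until its natural expiry."""
    payload = verify_token(token, denylist, now)
    denylist.revoke(payload["jti"], payload["exp"])


def inspect_token(token: str, denylist: Denylist, now: Optional[int] = None) -> str:
    """Convenience wrapper for logging and tests: 'ok' or the rejection reason."""
    try:
        verify_token(token, denylist, now)
        return "ok"
    except TokenError as err:
        return str(err)
```

Because revocation is checked after expiry, the denylist only ever needs to hold entries for at most one access-token lifetime, which is why pairing a short `exp` with refresh tokens keeps the blacklist small; a role change is handled the same way as logout, by revoking the current `jti` and issuing a fresh token on the next refresh.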