JWT and Token + Redis Schemes in Spring Security

1. Decentralized JWT Token

    Decentralized and therefore easy to use in a distributed system: every service can verify a token on its own, without calling back to the issuer. Basic user information (username, nickname, role) can be placed directly in the token, and function-level permissions can be packed into a bitmask claim, one bit per permission, so authorization needs no further lookup.

Disadvantage: the server cannot actively invalidate a token. Once issued, a JWT stays valid until its expiry claim passes, so logout or a password change cannot revoke it.
2. Centralized Redis Token / In-memory Session, etc.
Advantage: the server can actively invalidate a token by deleting it.
Disadvantages: every request needs a Redis lookup, and the tokens occupy Redis storage.
Here Redis holds a whitelist of valid tokens, and the other user information is stored in Redis alongside them, which costs both space and a query per request.
3. Optimization scheme:

    JWT + token ID. Add a token ID field to the JWT (the standard claim for this is "jti") and record only that ID in Redis when the token must be revoked. The server can then actively control invalidation, at the cost of giving up part of the decentralized nature of JWT: verifiers still need one Redis lookup per request. Use an asymmetric signature algorithm (RS256 or ES256), not symmetric HMAC: the authentication server that issues tokens holds the private key and produces the signature; the other business systems hold only the public key and verify the signature, so a compromised business system cannot mint tokens.

Here Redis stores only a blacklist of token IDs, and each entry needs to live only until the token's own expiry time, so the blacklist stays small. Redis can also be deployed with separate reads and writes: the authentication server writes revocations to the Redis master, and the business systems read from replicas that synchronize the master's data.
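The following is an added example, not code from the original note or from Spring Security, that implements the optimized scheme end to end: an RS256-signed JWT carrying a permission bitmask and a random "jti", the issuer's Sign with the private key, the business server's Verify with the public key, and a blacklist keyed by token ID whose entries lapse with the token. The permission names, the custom "perm" claim and the in-memory Blacklist type (standing in for a Redis set with per-key TTL) are assumptions made for the example.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// Function permissions packed one per bit, as the note suggests (names are assumed).
const (
	PermRead uint64 = 1 << iota
	PermWrite
	PermAdmin
)

// Claims carried inside the token. "jti" is the standard JWT token-ID claim;
// "perm" is an assumed custom claim holding the permission bitmask.
type Claims struct {
	Sub      string `json:"sub"`
	Nickname string `json:"nickname"`
	Role     string `json:"role"`
	Perm     uint64 `json:"perm"`
	Jti      string `json:"jti"`
	Exp      int64  `json:"exp"` // Unix seconds
}

// Has reports whether every bit in p is set in the token's permission mask.
func (c Claims) Has(p uint64) bool { return c.Perm&p == p }

// Blacklist is an in-memory stand-in for the Redis set of revoked token IDs.
// The value is the token's own expiry: in Redis you would SET the jti with a TTL
// equal to the remaining lifetime, so the list only holds tokens that could still be replayed.
type Blacklist map[string]time.Time

func (b Blacklist) Revoke(jti string, exp time.Time) { b[jti] = exp }

func (b Blacklist) IsRevoked(jti string, now time.Time) bool {
	exp, ok := b[jti]
	if !ok {
		return false
	}
	if !now.Before(exp) { // TTL lapsed: the token is rejected as expired anyway
		delete(b, jti)
		return false
	}
	return true
}

func b64(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

// NewJTI returns a random 128-bit token ID.
func NewJTI() string {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b64(b)
}

// Sign is the authentication server's side: it holds the private key and
// produces an RS256 (RSASSA-PKCS1-v1_5 over SHA-256) JWT.
func Sign(priv *rsa.PrivateKey, c Claims) (string, error) {
	body, err := json.Marshal(c)
	if err != nil {
		return "", err
	}
	input := b64([]byte(`{"alg":"RS256","typ":"JWT"}`)) + "." + b64(body)
	h := sha256.Sum256([]byte(input))
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, h[:])
	if err != nil {
		return "", err
	}
	return input + "." + b64(sig), nil
}

// Verify is a business server's side: it needs only the public key plus a read
// replica of the blacklist. The header alg is pinned to RS256 so a token rewritten
// to "none" or to HS256-with-the-public-key-as-secret is rejected.
func Verify(pub *rsa.PublicKey, bl Blacklist, tok string, now time.Time) (Claims, error) {
	var c Claims
	parts := strings.Split(tok, ".")
	if len(parts) != 3 {
		return c, errors.New("malformed token")
	}
	var hdr struct {
		Alg string `json:"alg"`
	}
	raw, err := base64.RawURLEncoding.DecodeString(parts[0])
	if err != nil || json.Unmarshal(raw, &hdr) != nil || hdr.Alg != "RS256" {
		return c, errors.New("unexpected or unreadable header")
	}
	sig, err := base64.RawURLEncoding.DecodeString(parts[2])
	if err != nil {
		return c, errors.New("bad signature encoding")
	}
	h := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if rsa.VerifyPKCS1v15(pub, crypto.SHA256, h[:], sig) != nil {
		return c, errors.New("bad signature")
	}
	body, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil || json.Unmarshal(body, &c) != nil {
		return c, errors.New("bad payload")
	}
	if now.Unix() >= c.Exp {
		return c, errors.New("token expired")
	}
	if c.Jti == "" { // without an ID the token could never be revoked
		return c, errors.New("missing jti")
	}
	if bl.IsRevoked(c.Jti, now) {
		return c, errors.New("token revoked")
	}
	return c, nil
}

func main() {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048)
	now := time.Now()
	c := Claims{Sub: "alice", Nickname: "Al", Role: "USER", Perm: PermRead | PermWrite, Jti: NewJTI(), Exp: now.Add(time.Hour).Unix()}
	tok, _ := Sign(priv, c)
	bl := Blacklist{}
	got, err := Verify(&priv.PublicKey, bl, tok, now)
	fmt.Println("before revoke:", err, "can write:", got.Has(PermWrite), "is admin:", got.Has(PermAdmin))
	bl.Revoke(c.Jti, time.Unix(c.Exp, 0)) // logout: blacklist the jti until the token would expire anyway
	_, err = Verify(&priv.PublicKey, bl, tok, now)
	fmt.Println("after revoke:", err)
}
```

Signature verification happens before the payload is parsed or the blacklist is consulted, so a forged token never causes a Redis round trip; with a real Redis backend, Revoke becomes a SET with an expiry equal to the token's remaining lifetime and IsRevoked an EXISTS against a replica.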
https://www.zhihu.com/question/274566992