JWTs are great for fast, efficient, distributed authentication. You shouldn't store too much stuff in the JWT; just the username and access level is generally enough. The trick is to set it to have a short expiry and keep renewing it while the user is online/active.
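
The short-expiry-plus-renewal pattern described above, as an added example that is not part of the original text: a standard-library HS256 token carrying only the username and access level. The key, the 5-minute lifetime, the 2-minute renewal window and the claim name `lvl` are assumptions chosen for illustration.

```python
import base64
import hashlib
import hmac
import json
import time

SECRET = b"constructed-demo-key"  # assumption: HMAC key, loaded from a secret store in practice
TTL = 300                         # assumption: token lives 5 minutes
RENEW_WINDOW = 120                # assumption: reissue once under 2 minutes remain

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input: str) -> str:
    return b64url(hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest())

def issue(username, access_level, now=None):
    now = int(time.time() if now is None else now)
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    # Minimal claims only: who the user is, their access level, and the lifetime.
    claims = {"sub": username, "lvl": access_level, "iat": now, "exp": now + TTL}
    body = b64url(json.dumps(claims).encode())
    return f"{header}.{body}.{sign(header + '.' + body)}"

def verify(token, now=None):
    """Return the claims, or None if the token is malformed, forged or expired."""
    now = int(time.time() if now is None else now)
    try:
        header, body, sig = token.split(".")
        if not hmac.compare_digest(sig, sign(f"{header}.{body}")):
            return None
        if json.loads(unb64url(header)).get("alg") != "HS256":
            return None
        claims = json.loads(unb64url(body))
    except (ValueError, TypeError, AttributeError):
        return None
    return claims if now < claims.get("exp", 0) else None

def renew_if_active(token, now=None):
    """Call on each authenticated request; an idle user's token simply expires."""
    now = int(time.time() if now is None else now)
    claims = verify(token, now)
    if claims is None:
        return None   # expired or tampered: the user must log in again
    if claims["exp"] - now > RENEW_WINDOW:
        return token  # still fresh, nothing to reissue
    # A real service would re-read the current access level from its user store here.
    return issue(claims["sub"], claims["lvl"], now)
```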