JWTs have a hard problem hiding inside them: they're stateless. The whole point of a JWT is that the verifier can check a signature and make a decision — no database, no round-trip. That's what makes them fast. It's also what makes "log this user out right now " not work out of the box. We had to solve this. Users log out. Admins disable accounts. Service accounts rotate. Each one of those events has to invalidate live tokens immediately , not at the next expiry tick. This post is about how we did it without giving up the performance properties that made JWTs worth using in the first place. The constraints that ruled out the obvious answers Three numbers shape the design: 50,000 RPS of authenticated requests. Sub-millisecond auth budget on the hot path. Single-digit-second propagation — when a user logs out, every pod must know within a few seconds. The obvious approaches each break one of these: Query Redis on every request. Adds a network round-trip to every auth decision. Median latency explodes.…