
Not all requests are created equally. Maybe you don't check JWT revocation on some high-throughput read endpoints, but on updates or reading of sensitive data you do check that list.

With JWTs you have the flexibility; with the opaque you don't.

JWTs also allow you to do client-side logic on things like entitlements, but then verify against the database when the user tries to view something.
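The per-endpoint revocation check described in the comment above, as an added example that is not part of the original comment. It uses a standard-library HS256 implementation rather than a JWT library; the key, the `REVOKED_JTI` set, the `CHECK_REVOCATION` policy and the operation names are all hypothetical.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"   # constructed sample key, not a real secret
REVOKED_JTI = {"tok-2"}            # stand-in for a revocation list kept in a database
# Hypothetical policy: only these operations pay for the revocation lookup.
CHECK_REVOCATION = {"update_profile", "read_billing"}

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(head, body):
    return hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()

def issue(claims):
    """Build an HS256 JWT (used here only to construct sample tokens)."""
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    return f"{head}.{body}.{_b64(_mac(head, body))}"

def verify(token, now=None):
    """Stateless check: pinned algorithm, signature, expiry. No database access."""
    now = time.time() if now is None else now
    try:
        head, body, sig = token.split(".")
        header, claims = json.loads(_unb64(head)), json.loads(_unb64(body))
        if header.get("alg") != "HS256":
            raise PermissionError("unexpected algorithm")
        if not hmac.compare_digest(_mac(head, body), _unb64(sig)):
            raise PermissionError("bad signature")
        if claims.get("exp", 0) <= now:
            raise PermissionError("expired")
    except (ValueError, TypeError, AttributeError) as exc:
        raise PermissionError("malformed token") from exc
    return claims

def authorize(token, operation, now=None):
    """Always verify the token; consult the revocation list only where policy says so."""
    claims = verify(token, now)
    if operation in CHECK_REVOCATION and claims.get("jti") in REVOKED_JTI:
        raise PermissionError("revoked")
    return claims
```

A revoked token keeps working on operations outside `CHECK_REVOCATION` until its `exp` passes, so the token lifetime bounds the exposure on those endpoints.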


