What a bunch of BS...

The JWT specification is specifically designed only for very short-live tokens (~5 minute or less). Sessions need to have longer lifespans than that.

Huh? The expiry is as long or short as you want.

The JWT specification itself is not trusted by security experts.

...and we're supposed to trust some random gist? Pure appeal to authority.