... and avoiding encouragements of JWT denylists at the server side. See #544.