
whattoday at 3:36 AM (0 replies)

> Common workarounds like maintaining a blacklist of revoked tokens introduce statefulness, negating the benefits of JWTs.

> Validation: On each request, we validate the JWT's signature using the application secret and then validate the sjti using the user's secret.

Having to look up the user secret from the db is no different than consulting a list of revoked tokens. You claim consulting a list of revoked tokens to be stateful. How is looking up the user secret different?
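The two revocation schemes the comment compares, as an added example that is not code from the thread or from the project quoted in it: a minimal HS256 JWT is validated with the application secret, then either a revoked-`jti` blacklist or the per-user secret is consulted. The `sjti` construction (an HMAC of the `jti` under the user's secret), the store names and the secrets are assumptions made for the demo.

```python
# Added example (not from the HN thread). Assumes sjti = HMAC-SHA256(user_secret, jti).
import base64, hashlib, hmac, json, secrets

APP_SECRET = b"app-secret-constructed-for-demo"
# Constructed stores. Each is read on every request, which is the point of the comment:
# both a revoked-token list and a per-user secret are server-side state.
USER_SECRETS = {"alice": b"alice-secret-v1"}
REVOKED_JTIS = set()

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def issue(sub: str) -> str:
    """Issue an HS256 JWT carrying a random jti and an sjti bound to the user's secret."""
    jti = secrets.token_hex(8)
    sjti = hmac.new(USER_SECRETS[sub], jti.encode(), hashlib.sha256).hexdigest()
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64(json.dumps({"sub": sub, "jti": jti, "sjti": sjti}).encode())
    sig = hmac.new(APP_SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64(sig)}"

def validate(token: str, mode: str) -> bool:
    """Check the app-secret signature, then the revocation state for the chosen mode."""
    header, payload, sig = token.split(".")
    expected = hmac.new(APP_SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64(sig)):
        return False
    claims = json.loads(_unb64(payload))
    if mode == "blacklist":
        return claims["jti"] not in REVOKED_JTIS            # state lookup: revoked list
    user_secret = USER_SECRETS.get(claims["sub"])           # state lookup: user secret
    if user_secret is None:
        return False
    want = hmac.new(user_secret, claims["jti"].encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(want, claims["sjti"])

def revoke(sub: str, token: str, mode: str) -> None:
    """Revoke by listing the jti, or by rotating the user's secret (invalidates all of their tokens)."""
    if mode == "blacklist":
        REVOKED_JTIS.add(json.loads(_unb64(token.split(".")[1]))["jti"])
    else:
        USER_SECRETS[sub] = secrets.token_bytes(16)
```

Note that the sjti route revokes every outstanding token for that user at once, while the blacklist route revokes a single token; both still cost one store read per request.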