Just keep the roles in claims and not permissions, so that JWT size doesn't create a problem. Now, have a field in the database like isClaimsNeedToReset. Make this field true whenever a property stored in claims is changed. Now, on each request, check this property; if it is true, then log out the user or silently refresh the user's JWT. This way you can reset user claims immediately and ensure that the user doesn't use outdated claims. This behavior can also be used when a new property is added to claims during a new release.
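The per-request check described in the comment above, as an added Python example that is not part of the original comment. It goes one step beyond the boolean flag: the database keeps a per-user claims version and the token carries the version it was minted from, so every outstanding token of that user (other devices, other tabs) is caught as stale, not only the first one that hits the server. The HS256 key and the in-memory user table are constructed for the demo.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-hmac-key"  # assumption: server-side HS256 key, demo only

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_jwt(user_id: str, roles: list, claims_version: int, ttl: int = 900) -> str:
    """Mint an HS256 JWT carrying the roles and the claims version they were built from."""
    now = int(time.time())
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64(json.dumps({"sub": user_id, "roles": roles, "cv": claims_version,
                               "iat": now, "exp": now + ttl}).encode())
    sig = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64(sig)}"

def verify_jwt(token: str) -> dict:
    """Check signature and expiry before trusting any claim in the token."""
    header, payload, sig = token.split(".")
    expected = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64(sig)):
        raise ValueError("bad signature")
    claims = json.loads(_unb64(payload))
    if claims["exp"] < time.time():
        raise ValueError("token expired")
    return claims

# Constructed in-memory user table. claims_version replaces the boolean
# isClaimsNeedToReset: a counter, so every outstanding token of the user
# (other devices, other tabs) is detected as stale, not only the first one seen.
USERS = {"alice": {"roles": ["editor"], "claims_version": 1}}

def change_roles(user_id: str, roles: list) -> None:
    """Any change to a claim-backed property bumps the version, which invalidates old claims."""
    USERS[user_id]["roles"] = roles
    USERS[user_id]["claims_version"] += 1

def authenticate_request(token: str) -> tuple:
    """Per-request check. Returns (roles to authorize with, token the client should keep).
    A token whose cv lags the database has its roles ignored and is silently reissued."""
    claims = verify_jwt(token)
    user = USERS[claims["sub"]]
    if claims["cv"] == user["claims_version"]:
        return claims["roles"], token
    return user["roles"], issue_jwt(claims["sub"], user["roles"], user["claims_version"])
```

Adding a claim in a new release is the same operation: bump the version for every user and the next request from each of them reissues a token with the new field.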