My favorite use for JWT was actually on the backend for Frontend-to-service-to-service auth. It was actually a pretty natural way to flow the user context around without getting ugly with our API calling conventions.

Basically, Clients all used NTLM to talk to the main site, but the main site would use JWT to pass the authenticated user info to the other services being called. The signature ensured that you couldn't spoof, short of being an authorized user that could get an impersonate token for calling the APIs.

But the nice thing was it meant we didn't really have to hit the DB at all in any of this, and it was way cheaper to implement than an API gateway.