JWT should not be your default for sessions (2021) (evertpot.com)
3 points by thunderbong on Feb 12, 2024 | 1 comment


I work in enterprise-type apps. Like you, I was skeptical about JWT’s ‘scalability’ claims. However, it did help make apps scalable within the enterprise. Prior to JWT, we had a proxy server take care of SSO and send some headers describing the user. Our apps would need to talk to AD/LDAP to get other membership information for AuthZ. With JWT, we have these larger tokens that encode users’ roles so we can make AuthZ decisions without the round trip to LDAP.

This also helped with the front-end UX because we could read the token (it wasn’t opaque) and customize the UI based on what roles the user has.
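As an added example (not code from the comment or from the linked article), the pattern the comment describes in Python with only the standard library: the issuer puts the user's roles into an HS256 JWT, the server verifies the signature and expiry before making an AuthZ decision from those roles, and the front end decodes the payload unverified for UI choices only. The shared secret, claim names and function names are assumptions; a tampered payload still decodes on the client side but fails the server-side check.

```python
import base64, hashlib, hmac, json, time

# Constructed demo secret; a real issuer loads it from a secret store.
SECRET = b"demo-shared-secret-not-for-production"

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def mint_token(sub, roles, ttl=900, now=None):
    """Issuer: HS256 JWT whose payload carries the user's roles
    (the 'larger token' the comment describes)."""
    now = int(time.time()) if now is None else now
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps({"sub": sub, "roles": roles, "exp": now + ttl}).encode())
    sig = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"

def verify_token(token, now=None):
    """Server side: pin the algorithm, then check signature and expiry
    before trusting any claim in the payload."""
    now = int(time.time()) if now is None else now
    header_b64, payload_b64, sig_b64 = token.split(".")
    if json.loads(_b64url_decode(header_b64)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    signed = f"{header_b64}.{payload_b64}".encode()
    expected = hmac.new(SECRET, signed, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(payload_b64))
    if claims.get("exp", 0) <= now:
        raise ValueError("expired")
    return claims

def authorize(token, required_role, now=None):
    """AuthZ decision from verified claims only: no LDAP round trip needed."""
    try:
        return required_role in verify_token(token, now).get("roles", [])
    except ValueError:
        return False

def ui_roles(token):
    """Front end: read the payload without verifying (the token is not opaque).
    Fine for choosing what to render, never for an access decision."""
    return json.loads(_b64url_decode(token.split(".")[1])).get("roles", [])
```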



