I don’t store them myself, when I’m logging in viewers/users I don’t store anything aside from what I put in the temp session manager.
Since JWT’s can’t be refreshed, I tend to OpenID login, call the userdata endpoint.
Store the user data in session, and discard the JWT and just run a session manager.