7066795c3c
JwtAuthenticationFilter compared the JWT subject (user:alice) against users.user_id (bare alice), so token_revoked_before was never read for any user. Strips the prefix to match the convention documented in CLAUDE.md. Adds JwtRevocationIT as a regression. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>