cubejs-jwt-hs256-5min-exp-issuer-locked-security-context
R-Dash Cube.js authentication uses HS256 JWTs with 5-minute expiry and issuer-lock. The security context passed to Cube is assembled from DB roles + workspaces + claims per request, not cached at session level. This ensures RLS is always evaluated against current DB state.