Spring Security's JdbcOAuth2AuthorizationService persists access tokens, including JWTs, for the following reasons:
1. Revocation Support: JWTs are self-contained and cannot be invalidated once issued without a persistent store to track invalidated tokens. By saving tokens in the database, Spring Security enables token revocation, allowing administrators or systems to invalidate a token before its expiration. This is crucial in scenarios like compromised tokens or user logout.
2. Managing Refresh Tokens: Access tokens and refresh tokens are often managed together. When a refresh token is used to generate a new access token, the old access token is typically invalidated. Persisting tokens in the database ensures this relationship is tracked, preventing old tokens from being used maliciously once refreshed. This adds a layer of security and lifecycle management to the token system.
While JWTs are stateless, these mechanisms ensure better control and security in token management, especially in complex applications.
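The revocation described above, as an added example that is not part of the original text or of Spring's own code: a helper that marks a persisted access token and its refresh token as invalidated through the `OAuth2AuthorizationService` API, then checks state against the store. The class name `TokenRevocationHelper` and its method names are assumptions; the injected service is assumed to be a `JdbcOAuth2AuthorizationService`.

```java
import org.springframework.security.oauth2.core.OAuth2AccessToken;
import org.springframework.security.oauth2.core.OAuth2RefreshToken;
import org.springframework.security.oauth2.server.authorization.OAuth2Authorization;
import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
import org.springframework.security.oauth2.server.authorization.OAuth2TokenType;

/** Hypothetical helper (name is an assumption, not a Spring class). */
public class TokenRevocationHelper {

    // Assumed to be backed by the database, e.g. JdbcOAuth2AuthorizationService.
    private final OAuth2AuthorizationService authorizationService;

    public TokenRevocationHelper(OAuth2AuthorizationService authorizationService) {
        this.authorizationService = authorizationService;
    }

    /** Flags the access token and any paired refresh token as invalidated; false if the token is unknown. */
    public boolean revoke(String accessTokenValue) {
        OAuth2Authorization authorization =
                authorizationService.findByToken(accessTokenValue, OAuth2TokenType.ACCESS_TOKEN);
        if (authorization == null || authorization.getAccessToken() == null) {
            return false; // never issued here, or already removed from the store
        }
        // Re-adding a token with a metadata consumer keeps its existing metadata and sets the flag.
        OAuth2Authorization.Builder builder = OAuth2Authorization.from(authorization)
                .token(authorization.getAccessToken().getToken(),
                        metadata -> metadata.put(OAuth2Authorization.Token.INVALIDATED_METADATA_NAME, true));
        OAuth2Authorization.Token<OAuth2RefreshToken> refreshToken = authorization.getRefreshToken();
        if (refreshToken != null) {
            // Invalidate the refresh token too, so it cannot mint a fresh access token.
            builder.token(refreshToken.getToken(),
                    metadata -> metadata.put(OAuth2Authorization.Token.INVALIDATED_METADATA_NAME, true));
        }
        authorizationService.save(builder.build());
        return true;
    }

    /** True only if the store knows the token and it is neither invalidated nor expired. */
    public boolean isActive(String accessTokenValue) {
        OAuth2Authorization authorization =
                authorizationService.findByToken(accessTokenValue, OAuth2TokenType.ACCESS_TOKEN);
        if (authorization == null) {
            return false;
        }
        OAuth2Authorization.Token<OAuth2AccessToken> accessToken = authorization.getAccessToken();
        return accessToken != null && accessToken.isActive();
    }
}
```

A resource server that only verifies the JWT signature locally never consults this store, so a revoked token keeps validating there until it expires; the invalidated flag takes effect only where token state is looked up, such as the authorization server's introspection endpoint.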