just wanted to make sure I understand correctly, upon authentication you just bake everything a user has access to (all policies) into a claims part of the JWT?

how it would look like for example if a user has access to 10000 objects: are all of them baked into a token as claims?