If one were to use server-side Blazor, how would this affect the use of JWT? I'm starting with a server-side project with the intention of later switching to webassembly. In other words, besides changing the .js file referenced and the startup plumbing, what would have to change regarding JWT when .NET Core would host the client app, rather than webassembly?

That's the million dollar question :-)

For ME personally, I wouldn't use JWT server side, simply beacuse my blazor client app can use service stubs that can talk directly to your database provider if you wanted too, so it's not even a question I'd normally entertain.

I do understand your point of view though.

Remember that even IF your using server side blazor, your blazor client app can still do everything that a client/server one can do, so there's really nothing at all stopping you from using the HTTP client via dependency injection, and making HTTP client calls to get data, and then implementing those rest end points in the blazor.server app that still gets created with the project when you new it up.

I'm not entirely sure of the semantics of which url/address you would call (Localhost vs FQDN) but it is still a server, and it will still do MVC style rest endpoints in exactly the same way that the client/server model does.

The only thing you would have to be very, very carefull of is to restrict yourself to what you do in the blazor.client project. Beacuse the client app is running on the server, it won't stop you from doing somethings that can't be done on a seperated client, so you would need to excercise good self control, and manage yourself, to not do anything that might cause you a problem later.