I’m just making a quick note of these two things here, as I wasted time over them this afternoon and I can come back to remind myself next time:

• When specifying the “origin” value in a JSON Web Token (JWT), omit the trailing slash: use http://localhost:8000 not http://localhost:8000/ or you’ll get the warning “[MapKit] Authorization token origin restriction (‘http://localhost:8000/’) may not match the page origin (‘http://localhost:8000’)” and become very confused if you don’t spot that / at the end;
• Check the warnings console, as that’s where MapKit JS sends these useful bits of advice. If you just look at errors and logs, you’ll miss them.

That’s all, folks.