The JWT specification defines a payload attribute named jti which is used to store the token's nonce/id.
To avoid replay attacks, the backend adds the token's nonce to a scratchpad memory when the token is used in order to invalidate the token even if the expiration timestamp isn't reached.
If a JWT implementation is implemented to ignore replay attacks or even token expiration, the jti can still be used to invalidate tokens.
To avoid replay attacks, the backend adds the token's nonce to a scratchpad memory when the token is used in order to invalidate the token even if the expiration timestamp isn't reached.
If a JWT implementation is implemented to ignore replay attacks or even token expiration, the jti can still be used to invalidate tokens.