help: can jwt-auth destroy tokens it generates？

[fmcodeing]

Issue description

jwt-auth 是否由主动销毁已生成 token的功能？

Environment

• apisix version (cmd: apisix version):
• OS (cmd: uname -a):
• OpenResty / Nginx version (cmd: nginx -V or openresty -V):
• etcd version, if have (cmd: run curl http://127.0.0.1:9090/v1/server_info to get the info from server-info API):
• apisix-dashboard version, if have:
• luarocks version, if the issue is about installation (cmd: luarocks --version):

Steps to reproduce

jwt-auth 是否由主动销毁已生成 token的功能？

Actual result

jwt-auth 是否由主动销毁已生成 token的功能？

Error log

jwt-auth 是否由主动销毁已生成 token的功能？

Expected result

No response

[tzssangglass]

jwt is stateless, as specified by the protocol itself. The jwt has an expiry date and will expire automatically when it does.

[mckuok]

What if the user logs out and we want to invalidate that particular jwt associated with that device (web browser)?

[tokers]

You may design bookkeeping for recording if a token is valid. Maybe use an RDS or NoSQL. But that's not supported by Apache APISIX. You need to extend it by yourself.