The approach with storing the timestamp of the revocation work really well as long as you only have one JWT for a user/application. However, if for the specified account there are multiple JWTs (for example one used by the user and one by some automated tool), you will revoke both. There are workaround though, I believe, so I still consider your idea to be good :)
Thanks for the suggestion.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
The approach with storing the timestamp of the revocation work really well as long as you only have one JWT for a user/application. However, if for the specified account there are multiple JWTs (for example one used by the user and one by some automated tool), you will revoke both. There are workaround though, I believe, so I still consider your idea to be good :)
Thanks for the suggestion.