Same if the user is inactive for too long. Simple, effective and there is not much that can go wrong.
[umm.....]
There are two dangers with it. First, if the token, which is typically stored browser side, is stolen, the attacker can impersonate the user, even long after the user signed out... Except if you keep a database of revoked tokens, which not only loses the main benefit of JWT being "stateless" but also adds undesired complexity.
Looks like you dropped an entire paragraph:
Oh, thanks for noticing. And for reading it as well ^^. I guess I made some mistake during editing, I'll fix that.