Currently there is no way to blacklist a JWT token, which is a small security severity. It would be great if there were a logout endpoint which blacklists the token, so it is not possible to use the token anymore. Otherwise it would be possible to log in without credentials, just by using the token (for example after a user “logs out”/removes the locally stored token in the front end).

This Laravel library does exactly that (also when a token is refreshed): https://github.com/tymondesigns/jwt-auth

Thanks in advance for considering this!

The topic ‘Add logout functionality to correctly terminate user sessions’ is closed to new replies.