For refresh token, or destory how about re issue token??

[XOneto9]

Hi, I'm David

I read almost discussion about refresh token. It feel it has some problem.

At now, I have a some question of re-issue token.
Also, I got a principle the issued token do not destory.

If the situation is about log-out, sign out or prolong expire day, etc.., then how about re issue of token from web server? Just re-issue
Because I heard JWT does not have token-store. And issued token dose not destory. I think just the token will re-issue for log-in/out and just issued token string remove for drop out.
Is it having a some problem???

[PeppeL-G]

With tokens, to login, you basically ask the server to create a token, and then you store it on the client. If the token is self-contained (as JWTs; the information about the token is stored inside the token), then you simply stop storing it on the client, and it has been deleted.

If the token is not self-contained (the information about the token is stored on the server), then you need to tell the server to delete the token for you when the user logs out.