I'm in the process of rolling my own JWT token auth, however, I would really like it to be a one-time token – so once it's used, the server generates a new token and the c
Use the user's current password's hash for signing the JWT token; this way, all tokens generated before a successful password change would get invalidated the next time. I got the idea from here https://www.jbspeakr.cc/howto-single-use-jwt/.
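The approach in the answer above, as an added Python example that is not code from the original post or the linked article: each user's HS256 signing key is derived from their stored password hash, so changing the password invalidates every earlier token. The names `SERVER_SECRET`, `USERS`, `issue` and `verify` are hypothetical, the stored hashes are constructed placeholders, and mixing a server-side secret into the key is an assumption added here rather than part of the answer.

```python
import base64, hashlib, hmac, json, time

SERVER_SECRET = b"constructed-demo-secret"  # assumption: server-side secret, not from the page
# Constructed user store: username -> stored password hash (placeholder value).
USERS = {"alice": "pbkdf2$constructed-hash-v1"}

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _user_key(username: str) -> bytes:
    # The key changes whenever the stored password hash changes. Mixing in
    # SERVER_SECRET (added here) means a leaked hash table alone is not
    # enough to forge tokens.
    return hmac.new(SERVER_SECRET, USERS[username].encode(), hashlib.sha256).digest()

def issue(username: str, ttl: int = 300) -> str:
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps({"sub": username, "exp": int(time.time()) + ttl}).encode())
    sig = hmac.new(_user_key(username), f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64(sig)}"

def verify(token: str):
    """Return the claims dict, or None if the token is invalid or expired."""
    try:
        header, body, sig = token.split(".")
        if json.loads(_unb64(header)).get("alg") != "HS256":
            return None  # pin the algorithm; never trust the header's choice
        claims = json.loads(_unb64(body))  # untrusted until the MAC checks out
        key = _user_key(claims["sub"])     # per-user key lookup needs the subject first
        expected = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64(sig)):
            return None
        return claims if claims["exp"] > time.time() else None
    except (ValueError, KeyError, TypeError, AttributeError):
        return None
```

With this scheme a token stays valid until it expires or the password hash changes; nothing in the code above rejects a second use of the same token before then.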