I have generated Flask-JWT token for user authentication, but on logout i want to invalidate token. Now it's allowing to access route after logout.
@app.route('/logout', methods=['POST'])
@jwt_required
def logout():
user = current_user
user.authenticated = False
db.session.commit()
logout_user()
return jsonify({'success': True})
Check flask-jwt-extended. It has support for blacklisting tokens built in to the extension (and is still actively supported, unlike flask jwt which has been abandoned).
https://flask-jwt-extended.readthedocs.io/en/stable/blacklist_and_token_revoking/