mxstbr / passport-magic-login

Passwordless authentication with magic links for Passport.js.
MIT License

Is there a method to limit reusability of the callback url? #36

Open vasteez opened 10 months ago

vasteez commented 10 months ago

It's probably unsafe to let the link be used multiple times. Can we limit it to once per link?

eric-burel commented 1 month ago

Since it's a JWT everything is encoded within the token so I think no, you need to rely on the jwtOptions "expiresIn" setting to limit the lifetime of the token.

If you really need this feature, you could maintain your own database collection where you store a unique value associated with the token, and call it from the verify callback. I think this function cannot access the token value, but it can access the content of the token and you can shove a unique id within it (a bit convoluted, but possible).
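The approach described in the comment above, as an added example that is not part of the thread or the project's own code: a single-use store whose `consume` check runs inside a verify-style `(payload, done)` callback. The `linkId` field, the `SingleUseLinkStore` class and the `makeVerify` and `findUser` helpers are hypothetical names, and the sketch assumes the unique id was placed in the token payload when the link was sent.

```javascript
const { randomUUID } = require("node:crypto");

// In-memory store for illustration only. A real deployment needs a shared
// database or cache with an atomic "delete if present" operation, so that two
// concurrent requests carrying the same link cannot both succeed.
class SingleUseLinkStore {
  constructor(ttlMs, now = () => Date.now()) {
    this.ttlMs = ttlMs;
    this.now = now;
    this.pending = new Map(); // linkId -> expiry timestamp (ms)
  }

  // Call when sending a link; the returned id goes into the token payload.
  issue() {
    const linkId = randomUUID();
    this.pending.set(linkId, this.now() + this.ttlMs);
    return linkId;
  }

  // Returns true exactly once per issued id, and only before it expires.
  consume(linkId) {
    const expiresAt = this.pending.get(linkId);
    if (expiresAt === undefined) return false; // unknown or already used
    this.pending.delete(linkId); // burn the id before deciding anything else
    return this.now() <= expiresAt;
  }
}

// Builds a verify-style callback. `payload` is the decoded token content;
// `payload.linkId` is the assumed field carrying the unique id.
function makeVerify(store, findUser) {
  return (payload, done) => {
    if (typeof payload.linkId !== "string" || !store.consume(payload.linkId)) {
      return done(new Error("Magic link already used or expired"));
    }
    done(null, findUser(payload.destination));
  };
}
```

The store's TTL should match the `expiresIn` value in `jwtOptions`, so an entry never outlives the token it belongs to.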