Former token generated still works as auth bearer token

[oivinds]

I thought that if you create a new token then a previously generated token would no longer work?

wp-json/jwt-auth/v1/token -> old token

wp-json/wp/v2/users/me bearer: old token -> "200 ok"

wp-json/jwt-auth/v1/token -> new token

wp-json/wp/v2/users/me bearer: new token -> "200 ok"

wp-json/wp/v2/users/me bearer: old token -> "200 ok"

Is this intensional? I'm using Postman to test this, though I assume that is not relevant. jwt-auth Version: 2.1.0

[sun]

Each JWT has its own lifetime and expiration date. Therefore this is the expected behavior.

You can learn more about the design of JWTs on jwt.io.