There are several reason to invalidate a JWT token before its expiration time: account deleted/blocked/suspended, password or permissions changed, user logged out by admin.
JWT is self-contained, signed and stored outside of the server context, so revoking a token is not a simple action.
