How Do I Ban Users & Invalidate Their JWT Tokens?

When a malicious user gets banned by an admin, I have to ensure he no longer can access protected routes, but that means I have to query the database every time checking a user's token, is there a more efficient method for invalidating tokens?
JWTs can’t be invalidated directly, they’re signed and verified offline by the server. So you’d have to maintain a ban-list in a key value store until after the JWT expires, or something similar
you can always store your tokens db side and invalidate them, that's how you can select which tokens to invalidate from which location/device on many apps

Looking for more? Join the community!