I am using rest_framework_simplejwt for authentication in my django app. For logout, I want to expire the refresh token.

class LogoutView(APIView):
    permission_classes = (IsAuthenticated,)

    def post(self, request, *args, **kwargs):
        try:
            refresh_token = request.data.get('refresh', None)
            token = RefreshToken(refresh_token)
            token.set_exp(lifetime=timedelta(seconds=0))
            return Response(status=status.HTTP_205_RESET_CONTENT)
        except Exception as e:
            print(e)
            return Response(status=status.HTTP_400_BAD_REQUEST)

This works as expected. When I do token.check_exp(), it says ‘Expired’. However, I can still use it to generate new tokens here:

from rest_framework_simplejwt.views import TokenObtainPairView, TokenRefreshView
urlpatterns = [
    path('token/refresh/', TokenRefreshView.as_view(), name='token_refresh'),
]

Why is that?
However, this all works as expected if i blacklist the token instead of expiring it.