Which is probably the most robust and scalable of them all. I was wondering some some services took 30m to an hour to revoke access, and this is the reason why. Only downside is you have to use JavaScript on the browser, which isn’t much of a problem really.
Oh right! I totally forgot that you could use cookies for JWT. It's been a while, but I think the reason why I didn't think of it was because, if you're using cookies to transport jwt, couldn't you just use signed cookies with a set expiration date?