Thank you for the answer.
So, as I understand it, our implementation is correct and JWT should return a 401 Unauthorized error when we decode an invalidated (old) access token?
If yes, then it does not work as expected in my case. Even after the user logs out, if I pass the old access_token to JWT, it decodes it successfully and returns the payload.
I also tried to use the old access_token in the userInfo request, and it works:
GET https://YOUR_DOMAIN/userinfo
Authorization: 'Bearer {ACCESS_TOKEN_OLD}'
Do you have any ideas why? (My assumption is that using /v2/logout does not invalidate the access_token, and it still works until its expiration date?)
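As an added illustration that is not part of the post above and not Auth0's code: a self-contained JWT (stateless signature and exp check) keeps verifying after logout unless the server also consults a revocation list. The HS256 secret, the claims and the `jti` denylist are constructed for the demo.

```python
import base64, hashlib, hmac, json

# Constructed demo secret; a real deployment would use the issuer's signing key.
SECRET = b"demo-secret-not-for-production"

def b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mint_token(claims: dict) -> str:
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    sig = hmac.new(SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url(sig)}"

def decode_token(token: str, now: int) -> dict:
    """Stateless check: signature and exp only. Nothing here knows about logout."""
    header, body, sig = token.split(".")
    expected = hmac.new(SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(body))
    if claims["exp"] <= now:
        raise ValueError("expired")
    return claims

# Server-side denylist of revoked token ids (jti), filled on logout (hypothetical design).
REVOKED: set = set()

def logout(token: str, now: int) -> None:
    REVOKED.add(decode_token(token, now)["jti"])

def decode_with_revocation(token: str, now: int) -> dict:
    """Same stateless check, plus a lookup against the logout denylist."""
    claims = decode_token(token, now)
    if claims["jti"] in REVOKED:
        raise ValueError("revoked")
    return claims

def demo() -> tuple:
    now = 1_700_000_000
    token = mint_token({"sub": "user1", "jti": "tok-1", "exp": now + 3600})
    logout(token, now)
    still_decodes = decode_token(token, now + 60)["sub"] == "user1"  # True: logout changed nothing
    try:
        decode_with_revocation(token, now + 60)
        revoked_rejected = False
    except ValueError:
        revoked_rejected = True  # True: only the denylist catches it
    return still_decodes, revoked_rejected
```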