If your scenario requires authorization lookups for every call (ie you cannot tolerate the staleness of a jwt, no matter how short) then token based auth is probably not the right solution.
Using token based auth adds complexity, if you are still going to make authorization calls every time you are paying that cost for no gain.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
If your scenario requires authorization lookups for every call (ie you cannot tolerate the staleness of a jwt, no matter how short) then token based auth is probably not the right solution.
Using token based auth adds complexity, if you are still going to make authorization calls every time you are paying that cost for no gain.