Okta-jwt-verifier successfully verifies tokens even when user is logged out

I believe this is because the JWT verifier is only validating the claims in the token and whether it has expired. There isn't information inside the token to identify whether the user has logged out. If you have security concerns, it is recommended to keep the token lifetime relatively short.

An alternative is to use the /revoke endpoint to revoke the access and refresh tokens when the user has logged out of your application.

Then you can use the /introspect endpoint to see whether the token is still active.

If the token is invalid, expired, or revoked, it is considered inactive.

There is a good explanation from Auth0 as well: Best practice for checking if token is revoked in API - #2 by nicolas_sabena - Auth0 Community

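The two-step check described in the answer above, as an added example that is not code from the original post or from Okta's SDK: a local JWT verification (stateless, cannot see revocation) followed by a call to the /introspect endpoint, which reports a revoked or expired token as inactive. It assumes Node 18+ (global fetch and Buffer), placeholder issuer and client credentials, and an injected local verifier standing in for the Okta JWT verifier's verify function.

```javascript
// Added example (not from the original post or Okta's SDK). After the local
// JWT check passes, ask /introspect (RFC 7662) whether the token is still
// active, so a token revoked via /revoke at logout is rejected before expiry.
// Assumes Node 18+ (global fetch, Buffer); issuer/credentials are placeholders.
const ISSUER = "https://example.okta.com/oauth2/default"; // placeholder
const CLIENT_ID = "client-id-placeholder";
const CLIENT_SECRET = "client-secret-placeholder";
// Build the introspection request: form-encoded body, client authenticated
// with HTTP Basic. Returned as a plain object so it can be inspected offline.
function buildIntrospectRequest(token, tokenTypeHint = "access_token") {
  const body = new URLSearchParams({ token, token_type_hint: tokenTypeHint });
  const basic = Buffer.from(`${CLIENT_ID}:${CLIENT_SECRET}`).toString("base64");
  return {
    url: `${ISSUER}/v1/introspect`,
    method: "POST",
    headers: {
      "Content-Type": "application/x-www-form-urlencoded",
      Accept: "application/json",
      Authorization: `Basic ${basic}`,
    },
    body: body.toString(),
  };
}

// Interpret an introspection response. Per RFC 7662 an expired, revoked or
// unknown token comes back as active:false; anything other than an explicit
// active:true is treated as inactive (fail closed).
function isTokenActive(responseJson, expectedClientId = CLIENT_ID) {
  if (!responseJson || responseJson.active !== true) return false;
  // Extra check: only accept tokens that were issued to this client.
  if (responseJson.client_id && responseJson.client_id !== expectedClientId) return false;
  return true;
}
// Local verification first (cheap, offline), then introspection (online, knows
// about revocation). verifyLocally and fetchImpl are injected so this runs in
// tests; in production pass the Okta verifier's verify function and global fetch.
async function authorizeRequest(token, verifyLocally, fetchImpl = fetch) {
  try {
    await verifyLocally(token); // signature, issuer, audience, exp
  } catch (_) {
    return { ok: false, reason: "local verification failed" };
  }
  const req = buildIntrospectRequest(token);
  const res = await fetchImpl(req.url, { method: req.method, headers: req.headers, body: req.body });
  if (!res.ok) return { ok: false, reason: `introspect HTTP ${res.status}` };
  const json = await res.json();
  return isTokenActive(json) ? { ok: true, reason: "active" }
                             : { ok: false, reason: "token inactive (revoked or expired)" };
}
```

Introspection adds a network round trip per request, so in practice it is combined with a short token lifetime and a small cache keyed on the token rather than called on every single request.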