How do you do step #2, Delete the stored token? Where is it?

I accept the JWT, parse the Access and Data token for the the payload and other stuff, even store it in a database.

But I’m still not clear on how to create a Logout or Sign out that forces them to sign back in.