jwt-auth
JWTAuth::parseToken()->authenticate();
There is a security issue with that function: it uses the sub, which is usually the id. But think about that approach: if I authenticate and get the id 1 and make a process that depends on the JWT token, then I delete the DB, when I authenticate again the JWT sub will take the id 1, so the previous one is valid.
How??
This is perfectly normal behavior, because the token hasn't expired yet. However, it's worth noting that you're not considering the secret key as part of the security component.
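The behaviour discussed in this thread, as an added example (not code from jwt-auth or from either poster): a minimal HS256 sign/verify in Python with a user lookup by `sub`, showing that a token issued before a database reset keeps resolving to whoever holds that id until it expires or the signing secret is rotated. All function names, secrets, user names and timestamps are constructed for illustration.

```python
import base64, hashlib, hmac, json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def sign(claims: dict, secret: bytes) -> str:
    """Issue an HS256 token over the given claims."""
    head = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url(sig)}"

def verify(token: str, secret: bytes, now: int):
    """Return the claims if signature and exp are valid, else None."""
    try:
        head, body, sig = token.split(".")
        if json.loads(b64url_decode(head)).get("alg") != "HS256":
            return None
        good = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(good, b64url_decode(sig)):
            return None
        claims = json.loads(b64url_decode(body))
        exp = claims.get("exp")
    except (ValueError, AttributeError):  # malformed token, base64 or JSON
        return None
    if not isinstance(exp, int) or exp <= now:
        return None
    return claims

def authenticate(token: str, secret: bytes, users: dict, now: int):
    """Resolve the user purely from `sub`, as the thread describes."""
    claims = verify(token, secret, now)
    return users.get(claims.get("sub")) if claims else None

def demo():
    now = 1_700_000_000                       # constructed timestamp
    old_secret, new_secret = b"constructed-secret-A", b"constructed-secret-B"
    token = sign({"sub": 1, "exp": now + 3600}, old_secret)  # issued to the first user 1
    users = {1: "new-user-after-db-reset"}    # DB wiped, id 1 assigned again
    return (
        authenticate(token, old_secret, users, now + 60),    # same secret, not expired
        authenticate(token, new_secret, users, now + 60),    # secret rotated with the reset
        authenticate(token, old_secret, users, now + 7200),  # past exp
    )

if __name__ == "__main__":
    print(demo())
```

Only the first call returns a user; rotating the secret together with the database reset, or a short `exp`, closes the window.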