I'm currently working on an API and after a bit of time, I now understand how to use JWT in Go to get a token. With this token, I can keep a user connected but, how can I logout from the client application?

token.go
package main

import (
    "github.com/dgrijalva/jwt-go"
    "time"
)

const (
    tokenEncodeString = "something"
)

func createToken(user User) (string, error) {
    // create the token                                                                                                                                                                                  
    token := jwt.New(jwt.SigningMethodHS256)

    // set some claims                                                                                                                                                                                   
    token.Claims["username"] = user.Username;
    token.Claims["password"] = user.Password;
    token.Claims["exp"] = time.Now().Add(time.Hour * 72).Unix()

    //Sign and get the complete encoded token as string                                                                                                                                                  
    return (token.SignedString([]byte(tokenEncodeString)))
}

func parseToken(unparsedToken string) (bool, string) {
    token, err := jwt.Parse(unparsedToken, func(token *jwt.Token) (interface{}, error) {
            return []byte(tokenEncodeString), nil
    })

    if err == nil && token.Valid {
            return true, unparsedToken
    } else {
            return false, ""
    }
}

After research, I found out that I can use a black list, but I really want to know if it's possible with something easier, like the code above.

I also want to find a solution that works with the memory used by the JWT process. Someone who disconnects/connects himself all the time has to have only one token for each session, not one for him and a hundred in a given black list.