JWT Description here: https://journaly.com/post/48442
A JWT lives in the client's browser. Because a JWT is stateless, the server has no way to revoke it. If a JWT gets compromised, we need some other way to make it invalid. One solution is a so-called refresh token: we give the JWT a very short lifespan and save the refresh token in the database, where it serves as the validator.
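The scheme described above, as an added example that is not code from the original post: a short-lived HS256 JWT plus a refresh token kept server-side, using only the Python standard library. The 5-minute lifetime, the in-memory `refresh_db` dict standing in for the database, and all function names are assumptions.

```python
import base64, hashlib, hmac, json, secrets, time

SECRET = secrets.token_bytes(32)   # constructed signing key for this demo
ACCESS_TTL = 300                   # assumed short JWT lifespan: 5 minutes
refresh_db = {}                    # stand-in for the database: sha256(refresh) -> user

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input: str) -> bytes:
    return hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()

def issue_access(user: str, now: float) -> str:
    """Sign a short-lived JWT; the server keeps no copy of it (stateless)."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps({"sub": user, "exp": int(now) + ACCESS_TTL}).encode())
    return f"{header}.{body}.{_b64(_sign(f'{header}.{body}'))}"

def verify_access(token: str, now: float):
    """Return the user if signature and expiry check out, else None."""
    try:
        header, body, sig = token.split(".")
        # Always verify with HMAC-SHA256; the token's own "alg" is never trusted.
        if not hmac.compare_digest(_sign(f"{header}.{body}"), _unb64(sig)):
            return None
        claims = json.loads(_unb64(body))
        return claims["sub"] if now < claims["exp"] else None
    except (ValueError, KeyError, TypeError):
        return None

def login(user: str, now: float):
    """Hand out a JWT and a refresh token; only a hash of the latter is stored."""
    refresh = secrets.token_urlsafe(32)
    refresh_db[hashlib.sha256(refresh.encode()).hexdigest()] = user
    return issue_access(user, now), refresh

def refresh_access(refresh: str, now: float):
    """Issue a new JWT only while the refresh token is still in the database."""
    user = refresh_db.get(hashlib.sha256(refresh.encode()).hexdigest())
    return issue_access(user, now) if user else None

def revoke(refresh: str) -> None:
    """Delete the refresh token so no further JWTs can be obtained with it."""
    refresh_db.pop(hashlib.sha256(refresh.encode()).hexdigest(), None)
```

A stolen JWT still verifies until its `exp` passes, which is why the lifespan is kept short; deleting the refresh token stops any renewal after that.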
JSON Schema Validation:
On our server, basically everything is vulnerable: every user input, every POST request, and every GET request, so everything has to be verified. One solution is to define a JSON schema and check each incoming request against it.