This isn’t possible without customization and implementing your own middleware style blacklist/whitelist with auto cleanup.
We use JWT (JSON web tokens) meaning once the token is issued it can’t be revoked without changing the server secret which invalidates all JWT. Meaning you need to intercept the requests and add them to a blacklist/whitelist.
Ideally in a timeout, you would update the black/white list with the last request time, and have some kind of auto-cleanup script to purge entries after a certain amount of time. In the case of a whitelist, if the JWT isn’t in the whitelist then deny the request.