The following Flask RESTful Destroy User Token discusses how to destroy a flask token, however this does not prevent a man in the middle attack. Is there anyway to invalidate the token so it is no longer active before the time it expires?
The tokens shown in the question you referenced are created by adding a cryptographic signature to some data. Typically the data stored in a token includes the token owner (for example the user id), and can also include an expiration date.
The nice thing about these tokens is that all the useful data is stored inside the token, so you do not need to store anything in your database. You just pass the token to the client, and when the client sends it back you decode it and use the information in it to know who the client is.
The downside of this approach is that there is no simple way to revoke a token, because tokens are not stored anywhere. To extend this mechanism to allow revocation, you can add a database table where revoked tokens are stored. Then during token validation you not only decode the token, but also make sure that the token is not in your revoked list.
Another, completely different approach is to not use signed tokens. Just make the token a random UUID and store it in the user table for each user. If you index it, then when the client sends the token you can locate the user with a database search. And then revoking a token is simply done by clearing the token field for the user.
I hope this helps!