From the article, refresh tokens are revokable. The whole point of JWT + refresh token is that for normal operation, you don't need to hit the database but still able to revoke a token.