🐞 Bug Summary

There is a mismatch between the jti (JWT ID) claim found in the decoded JWT token and the jti value stored in the database for what should be the same token. This results in inconsistency where a single token appears to have two different identifiers one in the token itself and another in the system's storage. This can lead to authentication failures, token revocation issues, or inaccurate token tracking.

🧩 Affected Component

Select the area of the project impacted:

• mcpgateway - API
• mcpgateway - UI (admin panel)
• mcpgateway.wrapper - stdio wrapper
• Federation or Transports
• CLI, Makefiles, or shell scripts
• Container setup (Docker/Podman/Compose)
• Other (explain below)

🔁 Steps to Reproduce

1. Generate a new token via the UI or API.
2. Decode the generated token using the appropriate secret key and note the jti value in the payload.
3. Query the email_api_tokens table in the database and locate the entry corresponding to the generated token.
4. Compare the jti value from the decoded token with the one stored in the database, observe that they do not match.

🤔 Expected Behavior

The jti generated during token creation should be stored in the database exactly as it appears in the JWT payload. Both values should match and uniquely identify the same token instance.

💥Impact:

Token revocation or validation mechanisms relying on jti fail.
Security audit trails may be inaccurate.
Potential security risk if invalid or mismatched tokens are treated as valid.

🧠 Environment Info

You can retrieve most of this from the /version endpoint.

🧩 Additional Context (optional)

Add any configuration details, flags, or related issues.