The only way you can get the token blacklisted error is if you use a token that was already refreshed or logged out on. Expired token produces token expired error.
I am not really sure how your ( @rbarriuso) client app handles JWT. Would there be in any chance your client app is sending a token on the PUT call that was already refreshed or logged out on?
If you haven’t seen this already, here is a thread where forever JWT was discussed in great details before…