So the browser never uses the token again?
It isn’t feasible to monitor millions of keys to dispatch events on expiry, which is why the feature doesn’t work the way you would like it to for your very specific use case. Even Redis, which has keyspace monitoring event dispatch, has a disclaimer saying that these events can dispatch a long time after TTL, so it’s not reliable.
There’s two other ways of doing this though:
The expires value that is set in the token is a unix timestamp, so if you are generating tokens programatically, then you can always implement your own clock.
Alternatively, add a heartbeat to your webapp that uses the key (it could just call a virtual endpoint, so you won;t need to implement anything server side), when the key expires, the heartbeat will fail with an assertable error and you can expire the concurrent license.