Use UUIDv7 for JTI claim on Python 3.13+

[jesustorres-code]

Closes #943

What

Replace uuid4 with uuid7 for JTI generation on Python 3.13+, falling back to uuid4 on older versions.

try:
    from uuid import uuid7 as _uuid_for_jti  # Python 3.13+
except ImportError:
    from uuid import uuid4 as _uuid_for_jti

Why

UUIDv7 is time-ordered (monotonically increasing), which makes it significantly more efficient as a b-tree index key in the OutstandingToken table used for blacklisting. UUIDv4's random distribution causes index fragmentation and write amplification at scale; UUIDv7 inserts append near the end of the index, reducing page splits.

Python 3.13 added uuid.uuid7() to the standard library (PEP 769). Older supported versions (3.10–3.12) fall back to uuid4, preserving existing behavior.

Changes

• rest_framework_simplejwt/tokens.py: conditional import; set_jti() uses _uuid_for_jti().hex
• tests/test_tokens.py: added format assertion (32-char hex string) to test_set_jti

No migration needed — the JTI column type and length are unchanged (hex string, 32 chars).

[Andrew-Chen-Wang]

thanks!

[Andrew-Chen-Wang]

Suggested change

	try:
	from uuid import uuid7 as _uuid_for_jti # Python 3.13+
	except ImportError:
	from uuid import uuid4 as _uuid_for_jti # type: ignore[assignment]
	try:
	from uuid import uuid7 as _uuid_for_jti # Python 3.13+
	except ImportError:
	from uuid import uuid4 as _uuid_for_jti # type: ignore[assignment]
	uuid = _uuid_for_jti

so that users can override it

[lets-build-an-ocean]

Hey @jesustorres-code, great work on this — UUIDv7 for JTI is a solid improvement especially for blacklisting at scale.

Are you planning to address @Andrew-Chen-Wang's suggestion of exposing uuid = _uuid_for_jti for user override? If you're busy or don't have time, I'm happy to pick it up and carry this across the finish line with full credit to you.

I'm actively looking to contribute to open source projects and this would be a great place to start!