Django:the content is still visible after the token expires

Question

I expected server to stop sending the view after the token expires.At this point I don't do anything with the refresh token, I just wanted to test if I am able to get the content after the token expires, It seems the views.py still handles the request and returns the data.What else should I do in order to make that happen?

views.py

@api_view (["GET"])
def list_view(request):
    authentication_classes=[authentication.TokenAuthentication]
    permission_classes=[permissions.IsAuthenticated]
    instances=Products.objects.all();
    serializer=ProductsSerializer(instances,many=True);
    return JsonResponse(serializer.data,safe=False)

token setting

SIMPLE_JWT = {
    'ACCESS_TOKEN_LIFETIME': timedelta(minutes=5),
    'REFRESH_TOKEN_LIFETIME': timedelta(days=1),
    'ROTATE_REFRESH_TOKENS': False,
    'BLACKLIST_AFTER_ROTATION': False,
    'UPDATE_LAST_LOGIN': False,

    'ALGORITHM': 'HS256',
    'SIGNING_KEY': SECRET_KEY,
    'VERIFYING_KEY': None,
    'AUDIENCE': None,
    'ISSUER': None,
    'JWK_URL': None,
    'LEEWAY': 0,

    'AUTH_HEADER_TYPES': ('Bearer',),
    'AUTH_HEADER_NAME': 'HTTP_AUTHORIZATION',
    'USER_ID_FIELD': 'id',
    'USER_ID_CLAIM': 'user_id',
    'USER_AUTHENTICATION_RULE': 'rest_framework_simplejwt.authentication.default_user_authentication_rule',

    'AUTH_TOKEN_CLASSES': ('rest_framework_simplejwt.tokens.AccessToken',),
    'TOKEN_TYPE_CLAIM': 'token_type',
    'TOKEN_USER_CLASS': 'rest_framework_simplejwt.models.TokenUser',

    'JTI_CLAIM': 'jti',

    'SLIDING_TOKEN_REFRESH_EXP_CLAIM': 'refresh_exp',
    'SLIDING_TOKEN_LIFETIME': timedelta(minutes=5),
    'SLIDING_TOKEN_REFRESH_LIFETIME': timedelta(days=1),
}

urls.py

from django.contrib import admin
from django.urls import path
from products.views import list_view, post,delete,retrieve, update,create_user
from rest_framework_simplejwt.views import(
    TokenObtainPairView,
    TokenRefreshView
)
urlpatterns = [
    path('admin/', admin.site.urls),
    path('products/',list_view),
    path('create/',post),
    path('delete/',delete),
    path('retrieve/',retrieve),
    path('update/',update),
    path('get_token/',TokenObtainPairView.as_view()),
    path('get_refresh_token/',TokenRefreshView.as_view()),
    path('create_user/',create_user)
]

register request

import axios from 'axios'
import {useState,useEffect} from 'react'
import useHistory from 'react-router-dom'
import Style from '../style/form.module.css'
import { useNavigate } from 'react-router';
import { Link } from 'react-router-dom';

const Register =()=>{
    const history=useNavigate();
    const handleRegister=(e)=>{
        e.preventDefault()
        let data={
            'email':e.target[0].value,
            'user_name':e.target[1].value,
            'first_name':e.target[2].value,
            'password':e.target[3].value
        }

        axios.post('http://127.0.0.1:8000/create_user/',data)
        .then(()=>{
            history('/login')
        })

    }


return (
    <>
    <form className={Style.form} onSubmit={handleRegister}>
      Email  <input type ='email' />
      User Name  <input type= 'text' />
      First Name <input type='text'/>
      Password   <input type='password' />

     
      <button type='submit'> REGISTER</button>


     Already have account? <Link to='/login'>Login</Link>


    </form>
    </>
)
}
export default Register

log in request

import axios from 'axios'
import {useState,useEffect} from 'react'
import useHistory from 'react-router-dom'
import Style from '../style/form.module.css'
import { useNavigate } from 'react-router';
import {Link,Route,Routes} from 'react-router-dom'

const Login =()=>{
    const history=useNavigate();
    const handleRegister=(e)=>{
        e.preventDefault()
        let data={
            'email':e.target[0].value,
            'password':e.target[1].value
        }

        let config={
            headers:{
                Authorization:localStorage.getItem('access_token')
                ? 'JWT ' +localStorage.getItem('access_token')
                :null,
                'Content-Type':'application/json',
                accept:'application/json'
                
            }
          
        }
        axios.post('http://127.0.0.1:8000/get_token/',data,config)
        .then((res)=>{
                localStorage.setItem("access_token",res.data.access)
                localStorage.setItem("refresh_token",res.data.refresh)
                history('/home')  
                return res;
        })
        .catch((res)=>{
           if(res.response.status==401){
               alert('Email or password did not match')
           }
        })

    }


return (
    <>
    <form className={Style.form} onSubmit={handleRegister}>
      Email  <input type ='email' />
      Password   <input type='password' />
     <button type='submit'> LOG IN</button>


    </form>
    </>
)
}
export default Login