Why should it be a problem? Seems to me that it works as designed, but not as expected.

First of all you have to understand what an access token is:

An access token contains information about the client and the user (if present). It is a self-contained code that can be decoded by the server only and has a certain lifetime.

Anyone can access your resources with this access token. It doesn't matter if it comes from your app or from somewhere else. That's why the access token should be short-lived. In case it falls in the wrong hands then it can be misused for only a short period of time. You can also add security measures to invalidate the token if this is detected.

Secondly, how should identityserver know that you closed your app? Sure, you did logout, but that did not change the access token. The token is self-contained and cannot be updated! It lives on its own until it expires.

And that is precisely what you see:

When you call the endpoint of instrospection it returns active true until the access_token expires.

-- update --

If you want to stay in control then consider to use reference tokens instead of JWT tokens.

When using reference tokens - IdentityServer will store the contents of the token in a data store and will only issue a unique identifier for this token back to the client. The API receiving this reference must then open a back-channel communication to IdentityServer to validate the token.

Using the Revocation Endpoint you can revoke the reference token.