Correction: It does not immediately invalidate the current access token, only the refresh token. The problem as described above still stands, however. Anyway, I think I found a somewhat workable solution using (1) for now. Will have to monitor for errors cropping up once deployed.
... View more
