oodaniJust about to code my token endpoint: thoughts on revoking access? My tokens are gonna be stateless JWT, so there won't just be a table to remove them from. I could store a list of authorised client IDs. perhaps - remove a client from that list, all their tokens stop working.
