When we try to delete all the tokens for a 'resource _owner' specific to a 'client_key' using the token store API,
API endpoint : /oauth/tokenstore/revoke
Parameters: resource_owner , client_key
In all scenarios, all the tokens (access token s and refresh tokens) belonging to the given resource_owner for the client_key should be deleted.
In case, any of the access_tokens for the same resource_owner and client_key have been expired and the corresponding refresh_tokens are still active, then this api is not deleting those active refresh_tokens.
These refresh_tokens can again be used to generate new access_tokens, which is not a desired behavior.
Is there any better way to delete all the tokens for a resource_owner and given client_key.