Whilst testing Jive's refresh token endpoint I noticed that old access tokens are still valid even after the user has been issued with a new version;
Is this standard OAuth behavior? The old token remains active until its natural expiry ( set to 48 hours on the system I'm working on).
This doesn't sound like behavior that I saw on the sandbox a while ago, but I can double check. The token's once refreshed should expire out previous tokens, I would suspect but I need to raise this internally to get someone to validate my assumptions.