I have a web application with mobile app as well.
I need a way to revoke specific offline token. I know there are APIs to revoke all offline tokens which belongs to a user, this is not my use case.
I want to revoke offline token using the session id or any other means. The idea is to revoke access token of the user if we see any new device.
Appreciate any help or idea.