oauth_token still valid after application de-authorization

I can confirm this occurs for me. This is also a regression from a month ago, since this was fixed™ already.