Previous OAuth2 access tokens not being invalidated on reauthorization

API
2

For clarity: This is using the same client ID, of course.