I am using the revoke api call (…oauth2/default/v1/revoke) and after I do that I call introspect (…oauth2/default/v1/introspect) and I can see that the active status is now equal to false. however I can still use the token in Postman. should that be allowed? Do I need to do something else to make the token unusable?
Maybe I am misunderstanding what revoke is meant to do?