Is it possible to revoke a user’s refresh tokens without knowing the access token?
The only documentation I can find around revoking tokens for OIDC clients is here,
This requires knowing the access token.
What about the case where I want to revoke a refresh token, but the access token is not known?
For example, Auth0 provides an API to list token IDs for a user, then revoke tokens by ID;