@dansup Hmm, so a malicious admin could remove the code for revocation and keep the token? Is that an attack vector? 🤔