Open
Description
The issue of device token not being expired has been discussed in #2302 and #2587. While the work tracked there will tighten up system access security, we still need a way to immediately invalidate tokens similar to what operator can do for local user passwords.
The API request payload will probably be similar to that for set/invalidate password API.