As an admin on multiple instances, I need to review access tokens and clean them up...particularly when users have left the company. As of now, there is no way to know whether the token is in active use or what may be impacted if it's deleted.
This may be a more complicated thing to address, but it is a pretty big security issue. Since there is no insight into this, it's also not known if people are misusing tokens in any way by using them for purposes other than the one listed upon creation. Breaches are also not currently detectable.
