@1chef In your experience does this actually revoke the old customer-scoped access token? We have tried unclaiming a device via the online console.particle.io portal, and then reclaiming it via the Create Customer Scoped Access Token => Claim Device with Customer Access Token process as a means of disabling old access tokens but find that the old access tokens still work to communicate with the device (at least if the customer email address is the same as it was prior to unclaiming it in the first place).
Given this finding, it appears we cannot revoke access tokens to devices, unless the “Remove device” procedure undoes something the Unclaim Device option does not on the online device management portal. We suspect we might be missing something though as this function feels fairly fundamental.
Does anyone know a concrete procedure for revoking customer-scoped access tokens?