OAuth token repository
When we introduced JWT, we stopped using the TokenRepository and validating tokens on the server.
At the moment, an OAuth JWT token cannot be revoked -- the token is valid until it expires and the expiration date is encoded in the token itself.
I think we need to be able to revoke OAuth tokens.
@mborodenko what do you think?