Once the authorizer has been attached to the service object, it issues fetchers using the service object. I would guess that at the point of token revocation, the service object has already been released.
Unfortunately, there's a circular dependence (the auth object relies on the service, and the service object relies on the auth object), so the auth object only weakly retains the fetcher service.
A safe workaround is just to set the auth.fetcherService to nil once the service has been released.