How to cater for user account suspended after that user login and a refresh token already issued?

[Paul Luk]

Hi,

  Suppose a user login via CAS (OpenID Connect and have refresh token issued [say valid for a week]), later the admin decided to suspended/terminate that account (say staff leave company), how do we cater for such situation?

  Invoke the revoke endpoint (/oidc/revoke) or there is hook for that (e.g. add extra account status check during access token renewal)?

  thank you.