Invalidating/resetting OAuth tokens

Hi there ST developers,

In not so distant past, I was able to call createAccessToken() and that would populate state.accessToken for my SmartApp. Also, call to the same method would invalidate previous access token.

Right now, when createAccessToken() is called, it creates a new token, but the old one still remains valid. It is possible to create multiple access tokens.

Does anyone know why this behavior was changed on the back end and what is the “new” way of invalidating tokens?

Change logs would be nice.