My server implementation is the same as yours. As I understand it, revoke is intended for security and system overhead. When we no longer need to interact with the apple server, we need to actively destroy the corresponding accesstoken and refreshtoken. However, we did not perform login verification, that is, we did not call oauth/token, so accesstoken and refreshtoken will not be generated. Since these are not generated, there is no revoke.