Well claude code doesn't revoke the tokens at all! I can fish the endpoint out of my browser logs easily enough. But who on earth designs an API token with a fixed long-term expiry and no automated way to revoke it? What is going on over there?

→ View original post on X — @honnibal,