Hi,

quick security question: Is there a way to invalidate a generated token from /cli-auth, so that no API access is possible before the usual expiration of the token?

To my surprise, they are not listed under coder tokens list and also not under /settings/tokens in the UI (v2.14.3).

If there is no way yet, i suggest a new flag like coder tokens list --show-session-tokens or something like that.

This is related to #13990.