please accept this as feature request / suggestion:

currently I am not aware of either an endpoint nor UI for such an overview and while I can revoke an individual (refresh) token, there is no way of getting a list of existing tokens.

the list does not need to contain the tokens (must not!), maybe just some other reference (id) accessible via API would be good enough and then ability to revoke by that reference.

the current status could lead to security holes in organisations as they do not know which issued tokens are valid and could potentially be exploited. refresh tokens never expire and are powerful / dangerous. the API console is generous acting as a factory and allowing generating an unlimited number of "powerful tokens".

the only strategy I am aware of is deleting the whole API client in regular intervals.