If you follow the web API template for ASP.NET and OWIN using OAuth, if you make a call to the sign out function of the AccountController and pass the token of your subscriber, you will be logged out and the carrier token will no longer be active.
For OAuth, you must update the token before it expires or after it expires, or re-authenticate the user to receive a new token completely after the expiration. In fact, the validity period of the token is fixed, but by performing a periodic update, you get the same final result. Expiration with each update. All of this can be configured in OAuthAuthorizationServerOptions , which is passed to your OWIN application context in Startup.Auth .
Hope this helps.