The login for the user is done by consent app. And the access token is returned then the user can use for request data from the resource server.
Another scenario if the user is deactivated by the system. Is there possible to tell ORY Hydra must revocate all access token base on users?