Correct. This was not communicated at the time I made this response.
To be absolutely on the safe side and to prevent the misuse of leaked device access tokens, users are advised to reset these manually.
(I am recommending the manual procedure, because if you go through the “Password reset” procedure, you will end up with a regular password on your Plex account, which you didn’t have before [if you created your Plex account using one of the federated auth providers].)
https://app.plex.tv/desktop/#!/settings/devices/all does list all valid device access tokens of your account. If you delete these, those devices will lose access.
You will have to re-connect these Plex clients with your Plex account.
If you delete the token of your server as well, you will also have to re-connect your server.
(note: if you try this with Plex clients in your local network, you could get the impression that revoking the token didn’t work. However, this could be caused by the server configuration “List of IP addresses and networks that are allowed without auth”. All clients with these IP addresses will continue to have access, because the configuration explicitly instructs the server to give them access anyway.)
