Because sometimes people post their logs online without filtering out their auth tokens, and I'm not aware of a way to invalidate one, and I don't think (?) they expire, or at least not quickly. This makes me sad.
FYI, tokens are uniquely associated with devices and can therefore be removed at https://my.plexapp.com/devices. Now, if you only know the token you want to invalidate and not the device, then that's a bit tricky currently, but it is at least possible to revoke things.
Does that apply to non-MyPlex auth? (Does that even exist anymore?)
Non-myPlex auth isn't really supported and hasn't been for a while. But to the extent that it works, it's password based, not token based, so it can't be revoked in the same way.
Alright, that sounds good. Then all that's needed is an easy way to figure out which token corresponds to which device. Perhaps myPlex could provide a simple way to paste in a log and revoke all tokens in it.
A log-censoring tool could also help.
2021 clean-up: “duplicate” (succeeded by new thread on the same topic; closing this one as the responses got quite dated)
