It's been awhile since I've seen it done that way. I think you're referring to the situation where the API servers authenticate you just by checking signature of a timestamped access token and when the token expires the client fetches a new one.
For all the OAuth API services I've worked on we'd just look up the access token in the database on each request, so a revoked token becomes useless immediately.
For all the OAuth API services I've worked on we'd just look up the access token in the database on each request, so a revoked token becomes useless immediately.