Open aseigler opened 1 week ago
Hi @aseigler,
Thanks for your feedback. We do agree.
This has been part of the team plan, but we haven't had time to implement it due to other priorities.
We're more than happy to accept contributions if you're willing to; please take a look at our contributing guide and CLA.
Invoke-OktaRemoveAccessToken currently sets the script-bound variable containing the cached access token to null. It would be much better from a security perspective if the token were first revoked, then the variables containing them set to null. It is especially important because the process of revoking access tokens requires the access token, and if you've already set it to null, you have effectively lost the handle to the access token and are unable to revoke it directly.
I am more than willing to provide a PR to resolve this properly.
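The ordering requested in this issue, as an added sketch that is not part of the issue or the module's own code: revoke the cached token at the authorization server first, and only clear the local copy once revocation has succeeded. The function name, the `$script:CachedAccessToken` variable and the parameters are hypothetical; it assumes a public client (client ID only, no secret) and the Okta org authorization server's `/oauth2/v1/revoke` endpoint.

```powershell
# Added example; all names here are hypothetical, not the module's own.
$script:CachedAccessToken = $null   # stands in for the module's script-bound token cache

function Revoke-CachedAccessToken {
    [CmdletBinding()]
    param(
        # Okta org base URL, e.g. https://example.okta.com (constructed placeholder)
        [Parameter(Mandatory)] [string] $OktaDomain,
        # OAuth client ID of the app that obtained the token (assumed public client)
        [Parameter(Mandatory)] [string] $ClientId
    )

    $token = $script:CachedAccessToken
    if ([string]::IsNullOrEmpty($token)) {
        Write-Verbose 'No cached access token; nothing to revoke.'
        return $true
    }

    # RFC 7009 revocation request; the token itself is the required handle.
    $request = @{
        Method      = 'Post'
        Uri         = "$($OktaDomain.TrimEnd('/'))/oauth2/v1/revoke"
        ContentType = 'application/x-www-form-urlencoded'
        Body        = @{
            token           = $token
            token_type_hint = 'access_token'
            client_id       = $ClientId
        }
        ErrorAction = 'Stop'
    }

    try {
        Invoke-RestMethod @request | Out-Null
    }
    catch {
        # Keep the cached value: it is the only handle left for retrying revocation.
        Write-Error "Token revocation failed; cached token retained for retry. $($_.Exception.Message)"
        return $false
    }

    # Revocation succeeded: only now drop the local copies.
    $script:CachedAccessToken = $null
    $token = $null
    return $true
}
```

On failure the token is deliberately left in the cache so the caller can retry; a caller that must clear it regardless should do so explicitly after logging that the token may still be valid until it expires.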