diff --git a/changelog.d/oauth2-token-linger.fix b/changelog.d/oauth2-token-linger.fix
new file mode 100644
index 0000000000000000000000000000000000000000..da4e46316b20cc0236e6875747f5b64334d0228e
--- /dev/null
+++ b/changelog.d/oauth2-token-linger.fix
@@ -0,0 +1 @@
+Fix OAuth2 token lingering after revocation
diff --git a/src/modules/users.js b/src/modules/users.js
index e976d875369c9989aa61fc66f043fdaf4fafc5d0..50b4cb84d428edd174fc78b5eaf20c700951a8c8 100644
--- a/src/modules/users.js
+++ b/src/modules/users.js
@@ -651,6 +651,12 @@ const users = {
               const response = data.error
               // Authentication failed
               commit('endLogin')
+
+              // remove authentication token on client/authentication errors
+              if ([400, 401, 403, 422].includes(response.status)) {
+                commit('clearToken')
+              }
+
               if (response.status === 401) {
                 reject(new Error('Wrong username or password'))
               } else {