The access token expires after 5 minutes. Therefore, there is a delay during which the integrator can still use the access token until it expires. The refresh token, however, can no longer be used, so the integrator cannot get a new access token. This is why we want short-lived access tokens: refresh tokens have a longer lifespan of 1 year, unless they are revoked.
The consent is ‘only’ revoked when the person who has access to the MobilePay Admin portal actively logs in, opens the product menu --> integration, and clicks “x” to revoke consent. A warning pop-up appears when doing so. This illustrates that consent is hardly ever revoked by ‘accident’.
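The token lifetimes described above can be modelled to show how long an already-issued access token stays usable after consent is revoked. This is an added example, not MobilePay code: `ToyAuthServer`, `access_valid` and `residual_window` are hypothetical names, and it assumes the API checks only the expiry of an access token.

```python
import secrets
from dataclasses import dataclass, field

ACCESS_TTL = 5 * 60             # access token lifetime from the text: 5 minutes
REFRESH_TTL = 365 * 24 * 3600   # refresh token lifetime from the text: 1 year

class ConsentRevoked(Exception):
    """Refresh refused because consent was revoked."""

@dataclass
class ToyAuthServer:
    # Hypothetical in-memory model, not the MobilePay implementation.
    refresh_tokens: dict = field(default_factory=dict)  # token -> (merchant, expires_at)
    revoked: set = field(default_factory=set)           # merchants with revoked consent

    def _access(self, merchant, now):
        # Self-contained token: only its expiry is checked when it is used.
        return {"merchant": merchant, "exp": now + ACCESS_TTL}

    def grant(self, merchant, now):
        rt = secrets.token_urlsafe(16)
        self.refresh_tokens[rt] = (merchant, now + REFRESH_TTL)
        return self._access(merchant, now), rt

    def revoke_consent(self, merchant):
        self.revoked.add(merchant)

    def refresh(self, rt, now):
        merchant, expires_at = self.refresh_tokens[rt]
        if merchant in self.revoked:
            raise ConsentRevoked(merchant)      # takes effect immediately
        if now >= expires_at:
            raise PermissionError("refresh token expired")
        return self._access(merchant, now)

def access_valid(token, now):
    # Assumption: the API validates an access token by expiry alone.
    return now < token["exp"]

def residual_window(token, revoked_at):
    """Seconds an issued access token remains usable after revocation."""
    return max(0, token["exp"] - revoked_at)

if __name__ == "__main__":
    srv = ToyAuthServer()
    access, rt = srv.grant("merchant-1", now=0)   # constructed sample merchant
    srv.revoke_consent("merchant-1")              # consent revoked at t = 120 s
    print("usable after revocation (s):", residual_window(access, 120))
    print("valid at t=299:", access_valid(access, 299))
    print("valid at t=300:", access_valid(access, 300))
```

The residual window never exceeds `ACCESS_TTL`, which is the reason for keeping the access token lifetime short while the refresh token lives for a year.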