Describe the bug
When disabling a user in Authentik, the refresh tokens associated with the user are not deactivated.
It also seems like the user is able to refresh its token.
To Reproduce
Create a user -> create refresh tokens -> deactivate the user -> Try to use the token.
Expected behavior
I expect all tokens/permissions associated with the user to be deleted/revoked.
Version and Deployment
[2024.10.4]
helm (https://charts.goauthentik.io)
More information:
I "solved" this by deleting the user and lowering the refresh token validity period.
Only after user deletion, the user cannot refresh its token after it expired.
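A minimal model of the behaviour reported above next to the expected one, added here as an illustration and not authentik's code. `User`, `TokenStore` and all method names are hypothetical, and the token table is an in-memory dict.

```python
import secrets
import time
from dataclasses import dataclass, field


@dataclass
class User:
    name: str
    is_active: bool = True


@dataclass
class TokenStore:
    """In-memory stand-in for a provider's refresh-token table (hypothetical)."""
    ttl: int = 3600
    tokens: dict = field(default_factory=dict)  # token -> (user, expiry)

    def issue(self, user: User) -> str:
        token = secrets.token_urlsafe(32)
        self.tokens[token] = (user, time.time() + self.ttl)
        return token

    def refresh_token_only(self, token: str):
        """Models the report: only the token row is checked, not the account."""
        user, expiry = self.tokens.get(token, (None, 0))
        if user is None or expiry < time.time():
            return None
        del self.tokens[token]          # rotate the refresh token
        return self.issue(user)

    def refresh_checked(self, token: str):
        """Expected behaviour: a disabled account cannot refresh."""
        user, expiry = self.tokens.get(token, (None, 0))
        if user is None or expiry < time.time():
            return None
        if not user.is_active:
            self.revoke_all(user)       # remove anything left behind
            return None
        del self.tokens[token]
        return self.issue(user)

    def revoke_all(self, user: User) -> int:
        """Call from the deactivation path so no token outlives the account."""
        stale = [t for t, (u, _) in self.tokens.items() if u is user]
        for t in stale:
            del self.tokens[t]
        return len(stale)
```

The same four steps from "To Reproduce" make a regression test: issue a token, set `is_active = False`, and assert that the refresh call returns nothing and the user's token rows are gone.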