It's common practice to prevent security issues, if some third party possibly get your auth token they will be able to use your account permanently. Logout after sometime (in most cases it 1-2 weeks) will help in this case, because their stoled token will not be valid. So, you just need to try authorize again after getting Unauthorized exception, and if error is repeated then throw it to user.