Yandex.OAuth revokes tokens in the following cases:
The user revoked the token on the Third party clients page. When an OAuth token is revoked, the corresponding refresh token is revoked automatically.
The token expired.
The application owner changed the requested permissions or the value of the Callback URL field, or deleted the application. In this case, all tokens that were ever issued to this application are revoked.
Revoking tokens in the app
An application can revoke OAuth tokens that were issued for a specific device, using a special request to Yandex.OAuth.
To implement logging out of an account for regular tokens, you can delete the account's tokens from local storage — it is impossible to restore a deleted token using Yandex.OAuth, and the application will have to request access again.
However, nothing will change for the user on the Third party clients page. The token issued to the application will be considered active until it is revoked in one of the ways listed above.