Consider following scenario.
- A User (User-A) logs into GitHub and create an OAuth app under developer settings.
- Then User-A can initiate an OAuth2 Web token flow to acquire an access token for API access.
- Then User-A reset his Github account password from the GitHub Web UI.
In this case, User-A will be able to access GitHub APIs with the same token even after password reset.
I want to clarify whether this is the default behavior of GitHub to not to invalidate the OAuth access tokens acquired by using OAuth2 web flow after resetting account password?