diff --git a/packages/twenty-server/src/engine/core-modules/auth/services/token.service.ts b/packages/twenty-server/src/engine/core-modules/auth/services/token.service.ts
index 288bac064..034cf6202 100644
--- a/packages/twenty-server/src/engine/core-modules/auth/services/token.service.ts
+++ b/packages/twenty-server/src/engine/core-modules/auth/services/token.service.ts
@@ -322,13 +322,13 @@ export class TokenService {
     assert(
       authorizationCodeAppToken,
       'Authorization code does not exist',
-      ForbiddenException,
+      NotFoundException,
     );
     assert(
       authorizationCodeAppToken.expiresAt.getTime() >= Date.now(),
       'Authorization code expired.',
-      NotFoundException,
+      ForbiddenException,
     );
     const codeChallenge = crypto
@@ -355,7 +355,7 @@ export class TokenService {
     assert(
       codeChallengeAppToken.expiresAt.getTime() >= Date.now(),
       'code challenge expired.',
-      NotFoundException,
+      ForbiddenException,
     );
     assert(
@@ -364,6 +364,15 @@ export class TokenService {
       ForbiddenException,
     );
+    if (codeChallengeAppToken.revokedAt) {
+      throw new ForbiddenException('Token has been revoked.');
+    }
+    await this.appTokenRepository.save({
+      id: codeChallengeAppToken.id,
+      revokedAt: new Date(),
+    });
     userId = codeChallengeAppToken.userId;
   }
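Review bot: The revoke-on-use added in the last hunk is a read-then-write: two concurrent exchanges of the same code challenge can both pass the `revokedAt` check before either `save` is committed, so the single-use guarantee the check is meant to enforce does not hold under concurrency. A conditional update that only succeeds while `revokedAt` is still null, with the affected-row count deciding whether the request proceeds, closes that window; assuming `appTokenRepository` is a TypeORM `Repository`, `update` with an `IsNull()` criterion does this (the `IsNull` import is not in the hunk and would need adding). Only `codeChallengeAppToken` is revoked here, while `authorizationCodeAppToken` from the first hunk is left untouched, so if the authorization code is also meant to be single-use it would need the same treatment. The enclosing method starts and ends outside the hunk.
```typescript
    // … unchanged: code challenge expiry / verifier asserts …
    // Atomically mark the code challenge as consumed; the affected-row count
    // tells us whether this request won the race. Replaces the separate
    // revokedAt check and save. A missing count is treated as failure.
    const revocation = await this.appTokenRepository.update(
      { id: codeChallengeAppToken.id, revokedAt: IsNull() },
      { revokedAt: new Date() },
    );

    if (!revocation.affected) {
      throw new ForbiddenException('Token has been revoked.');
    }

    userId = codeChallengeAppToken.userId;
```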