Invalidating API keys (refresh tokens) on password change or changing
2FA status doesn't make sense. Given that ebay has very limited
"multi-user"/"child account" functionality, often the account login
details need to be shared with multiple users wi...
