Each token should have a name associated with it.
Usual workflow — a web service and some desktop client. One user can have more than one token created for the same client on different machines. When user grants access it should be possible to name this token. Say "CoolApp on personal laptop", "CoolApp at work" etc. Later if user wants to revoke access to some client he can differentiate them.