Minor issue in test - not recalculating the signature when changing the nonce
There is a minor bug in the test line below
Although the nonce is changed, the old signature is reused. In this particular case because what is being tested is the revocation of the access_token and that is still fine, however in the case the access_token is not revoked, the tests still (wrongly) returns a 401, however for the signature being wrong instead. This might lead to confusion.