As i see this problem. After role was revoked and all the tokens was deleted, Horizon does not check token stored in session for revocation. All the calls to horizon.exceptions.handle() are made with escalate=False, so no redicrect produced. But setting escalate to True, could produce inconsistent behavior too.
I think, best solution would be to perform token validity check in exceptions.handle(), and if it's invalid (call to GET /v3/auth/tokens, for example), do the logout or drop session.
As i see this problem. After role was revoked and all the tokens was deleted, Horizon does not check token stored in session for revocation. All the calls to horizon. exceptions. handle( ) are made with escalate=False, so no redicrect produced. But setting escalate to True, could produce inconsistent behavior too. handle( ), and if it's invalid (call to GET /v3/auth/tokens, for example), do the logout or drop session.
I think, best solution would be to perform token validity check in exceptions.