Comment 12 for bug 1086189

Andrey Larionov (anlarionov) wrote :

As I see this problem: after the role was revoked and all the tokens were deleted, Horizon does not check the token stored in the session for revocation. All the calls to horizon.exceptions.handle() are made with escalate=False, so no redirect is produced. But setting escalate to True could produce inconsistent behavior too.
I think the best solution would be to perform a token validity check in exceptions.handle(), and if it's invalid (via a call to GET /v3/auth/tokens, for example), do the logout or drop the session.
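The check proposed in this comment, sketched as an added example (this is not Horizon's or the commenter's code): on a failed API call the handler re-validates the session token against Keystone v3 with GET /v3/auth/tokens and flushes the session when Keystone reports the token as gone. The `Session`, `handle` and `FakeKeystone` names, the injected `http_get` transport and the sample tokens are assumptions constructed so the example runs offline; the real Keystone endpoint, the `X-Subject-Token` header and the 200/404 status semantics are as documented for the v3 API.

```python
"""Added example: a revocation-aware stand-in for horizon.exceptions.handle().
Not code from the Horizon project. The HTTP transport is injected so the
example runs offline against a constructed fake Keystone."""
from dataclasses import dataclass
from typing import Callable, Dict, Optional

# Hypothetical transport: (url, headers) -> HTTP status code.
HttpGet = Callable[[str, Dict[str, str]], int]


@dataclass
class Session:
    """Minimal stand-in for the Django session Horizon keeps the token in."""
    token: Optional[str]
    user: Optional[str]
    flushed: bool = False

    def flush(self) -> None:
        # Equivalent of logging the user out / dropping the session.
        self.token = None
        self.user = None
        self.flushed = True


def token_is_valid(auth_url: str, token: str, http_get: HttpGet) -> bool:
    """Keystone v3 validation: GET /v3/auth/tokens answers 200 while the
    subject token is valid and 404 once it has been revoked or expired.
    The session token is used as both caller (X-Auth-Token) and subject
    (X-Subject-Token); this assumes policy lets a user validate its own token."""
    status = http_get(
        f"{auth_url}/v3/auth/tokens",
        {"X-Auth-Token": token, "X-Subject-Token": token},
    )
    return status == 200


def handle(session: Session, auth_url: str, http_get: HttpGet,
           escalate: bool = False) -> str:
    """Hypothetical exceptions.handle(): before deciding whether to swallow
    or escalate an error, confirm the token behind the failing call still
    exists. A revoked token means the user must be logged out regardless of
    the escalate flag; otherwise behave as the caller asked."""
    if session.token is None or not token_is_valid(auth_url, session.token, http_get):
        session.flush()
        return "logout"
    return "escalate" if escalate else "handled"


class FakeKeystone:
    """Constructed offline stand-in for the Keystone v3 token endpoint."""

    def __init__(self, valid_tokens):
        self.valid = set(valid_tokens)
        self.calls = []

    def revoke(self, token: str) -> None:
        # What happens server-side when a role is revoked and tokens deleted.
        self.valid.discard(token)

    def get(self, url: str, headers: Dict[str, str]) -> int:
        self.calls.append((url, dict(headers)))
        if not url.endswith("/v3/auth/tokens"):
            return 404
        if headers.get("X-Auth-Token") not in self.valid:
            return 401  # caller's own token is no longer accepted
        return 200 if headers.get("X-Subject-Token") in self.valid else 404


def demo():
    """Walk through the bug: same session, token revoked between two errors."""
    ks = FakeKeystone({"tok-alice"})           # constructed sample token
    sess = Session(token="tok-alice", user="alice")
    auth_url = "https://keystone.example:5000"  # assumed URL
    first = handle(sess, auth_url, ks.get)      # token still valid -> handled
    ks.revoke("tok-alice")                      # role revoked, token deleted
    second = handle(sess, auth_url, ks.get)     # now detected -> logout
    return first, second, sess.flushed, len(ks.calls)


if __name__ == "__main__":
    print(demo())
```

The important property is that the logout happens even though both calls pass escalate=False, which is the gap the comment describes; the check costs one round trip to Keystone per handled exception, so a real implementation would want to cache a positive result briefly.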