Comment 7 for bug 1870171

Thanks for catching that. It looks like the transfer_resources_to code never changed the OAUTH token from the previous user. I confirmed this code can only be used when deleting a user so there is no risk of the previous user maintaining access to a transferred node.