OAuth2 refresh tokens do not respect the expiration specified in REFRESH_TOKEN_EXPIRE_SECONDS.
Acknowledgments: Name: @sdwru
Statement: Ansible Tower 3.5.5 and 3.6.3 as well as previous versions are affected.
Mitigation: Whenever is possible, deleting the user from Ansible Tower is the only way to mitigate the authentication of OAuth2 tokens.
Upstream AWX fix: https://github.com/ansible/awx/issues/6630