Examples of techniques for validating access tokens are described herein. An example computer-implemented method includes receiving, via a processor, a pushed event at a server. The method includes adding, via the processor, a value of the pushed event to a black list of recently disabled users, devices, applications, or any combination thereof. The method also includes receiving, via the processor, a request to access a resource on the server, the request including an access token. The method further includes comparing, via the processor, a field value of the access token with the black list. The method further includes declining, via the processor, the request based on a match of the field value of the access token with a value of the pushed event in the black list.