Log them out of Twitter or your app? The former, I guess would be pretty annoying. For the latter, is https://dev.twitter.com/docs/api/1.1/post/oauth2/invalidate_token what you're looking for?
Allows a registered application to revoke an issued OAuth 2 Bearer Token by presenting its client credentials. Once a Bearer Token has been invalidated, new creation attempts will yield a different Bearer Token and usage of the invalidated token will no longer be allowed.