Actually, yes an option to expire the client secret independent of the the client id would be good.
Now, I talked more about this to my colleague Sascha who is the OAuth 2.0 expert around here. (saspr02 ).
Although expiration of the client secret is not configurable through the OTK, he tells me you could manually change the client_secret and assign it to the same client ID. So I believe there is hope. See, even "correct answers" can expire. ;-)