diff --git a/keystone/federation/core.py b/keystone/federation/core.py
index 92da910b04..a78f6039d6 100644
--- a/keystone/federation/core.py
+++ b/keystone/federation/core.py
@@ -68,12 +68,14 @@ class Manager(manager.Manager):
 # NOTE(lbragstad): If an identity provider is removed from the system,
 # then we need to invalidate the token cache. Otherwise it will be
 # possible for federated tokens to be considered valid after a service
- # provider removes a federated identity provider resource. The `idp_id`
- # isn't actually used when invalidating the token cache but we have to
- # pass something.
- notifications.Audit.internal(
- notifications.INVALIDATE_TOKEN_CACHE_DELETED_IDP, idp_id
+ # provider removes a federated identity provider resource.
+ reason = (
+ 'The token cache is being invalidated because identity provider '
+ '%(idp_id)s has been deleted. Authorization for federated users '
+ 'will be recalculated and enforced accordingly the next time '
+ 'they authenticate or validate a token.' % {'idp_id': idp_id}
 )
+ notifications.invalidate_token_cache_notification(reason)
 def _cleanup_idp_domain(self, domain_id):
 domain = {'enabled': False}
diff --git a/keystone/notifications.py b/keystone/notifications.py
index fe74478d9a..3a32865c03 100644
--- a/keystone/notifications.py
+++ b/keystone/notifications.py
@@ -79,8 +79,6 @@ CONF = keystone.conf.CONF
 INVALIDATE_TOKEN_CACHE = 'invalidate_token_cache'
 PERSIST_REVOCATION_EVENT_FOR_USER = 'persist_revocation_event_for_user'
 REMOVE_APP_CREDS_FOR_USER = 'remove_application_credentials_for_user'
-INVALIDATE_USER_OAUTH_CONSUMER_TOKENS = 'invalidate_user_consumer_tokens'
-INVALIDATE_TOKEN_CACHE_DELETED_IDP = 'invalidate_token_cache_from_deleted_idp'
 DOMAIN_DELETED = 'domain_deleted'
diff --git a/keystone/oauth1/controllers.py b/keystone/oauth1/controllers.py
index 47bda86a1a..4d26c19bd8 100644
--- a/keystone/oauth1/controllers.py
+++ b/keystone/oauth1/controllers.py
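Review bot: The cache drop on identity-provider deletion now rests entirely on `notifications.invalidate_token_cache_notification` emitting `INVALIDATE_TOKEN_CACHE`, because the token/provider.py hunk removes the dedicated `INVALIDATE_TOKEN_CACHE_DELETED_IDP` listener and the helper's definition is not part of this diff. If the helper emits anything other than that event, deleting an IdP silently stops invalidating cached federated tokens, which is exactly the fail-open case the NOTE(lbragstad) comment exists to prevent; presumably it does emit it, but the change deserves a test that validates a federated token, deletes its IdP and asserts the token is no longer served from cache. Since the `reason` text is only descriptive, I'd extend the NOTE comment with `# The reason text is informational; the actual cache drop is triggered by the event the helper emits, which the token provider subscribes to.` so the next reader does not assume the string itself has any effect. The enclosing method starts outside the hunk.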
@@ -39,17 +39,6 @@ LOG = log.getLogger(__name__)
 PROVIDERS = provider_api.ProviderAPIs
-def _emit_user_oauth_consumer_token_invalidate(payload):
- # This is a special case notification that expect the payload to be a dict
- # containing the user_id and the consumer_id. This is so that the token
- # provider can invalidate any tokens in the token persistence if
- # token persistence is enabled
- notifications.Audit.internal(
- notifications.INVALIDATE_USER_OAUTH_CONSUMER_TOKENS,
- payload,
- )
-
-
 class ConsumerCrudV3(controller.V3Controller):
 collection_name = 'consumers'
 member_name = 'consumer'
@@ -93,10 +82,14 @@ class ConsumerCrudV3(controller.V3Controller):
 @controller.protected()
 def delete_consumer(self, request, consumer_id):
- user_token_ref = authorization.get_token_ref(request.context_dict)
- payload = {'user_id': user_token_ref.user_id,
- 'consumer_id': consumer_id}
- _emit_user_oauth_consumer_token_invalidate(payload)
+ reason = (
+ 'Invalidating token cache because consumer %(consumer_id)s has '
+ 'been deleted. Authorization for users with OAuth tokens will be '
+ 'recalculated and enforced accordingly the next time they '
+ 'authenticate or validate a token.' %
+ {'consumer_id': consumer_id}
+ )
+ notifications.invalidate_token_cache_notification(reason)
 PROVIDERS.oauth_api.delete_consumer(
 consumer_id, initiator=request.audit_initiator
 )
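Review bot: In `delete_consumer` the cache is flushed before `PROVIDERS.oauth_api.delete_consumer` runs, so a token validated in the window between the flush and the delete can be re-cached and outlive the consumer; `delete_access_token` in the next hunk keeps the same order. Moving `notifications.invalidate_token_cache_notification(reason)` to after the provider call closes that window and also avoids flushing the whole cache when the delete raises, for example on an unknown consumer_id. Dropping the whole token cache instead of the old per-user payload is broader but errs on the safe side, so no objection there. Removing the `authorization.get_token_ref(request.context_dict)` call may leave the module's `authorization` import unused; that cannot be confirmed from the hunk.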
@@ -140,9 +133,14 @@ class AccessTokenCrudV3(controller.V3Controller):
 @controller.protected()
 def delete_access_token(self, request, user_id, access_token_id):
 access_token = PROVIDERS.oauth_api.get_access_token(access_token_id)
- consumer_id = access_token['consumer_id']
- payload = {'user_id': user_id, 'consumer_id': consumer_id}
- _emit_user_oauth_consumer_token_invalidate(payload)
+ reason = (
+ 'Invalidating the token cache because an access token for '
+ 'consumer %(consumer_id)s has been deleted. Authorization for '
+ 'users with OAuth tokens will be recalculated and enforced '
+ 'accordingly the next time they authenticate or validate a '
+ 'token.' % {'consumer_id': access_token['consumer_id']}
+ )
+ notifications.invalidate_token_cache_notification(reason)
 return PROVIDERS.oauth_api.delete_access_token(
 user_id, access_token_id, initiator=request.audit_initiator
 )
diff --git a/keystone/token/provider.py b/keystone/token/provider.py
index 28721deb21..71b499b4d4 100644
--- a/keystone/token/provider.py
+++ b/keystone/token/provider.py
@@ -80,10 +80,6 @@ class Manager(manager.Manager):
 ['project', self._drop_token_cache],
 ],
 notifications.ACTIONS.internal: [
-[notifications.INVALIDATE_USER_OAUTH_CONSUMER_TOKENS,
-self._drop_token_cache],
-[notifications.INVALIDATE_TOKEN_CACHE_DELETED_IDP,
-self._drop_token_cache],
 [notifications.INVALIDATE_TOKEN_CACHE,
 self._drop_token_cache],
 ]
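Review bot: The new `reason` in `delete_access_token` names only the consumer, whereas the removed payload also carried `user_id`; if the reason is what ends up in the log or notification record, the operator loses the one field that says whose token triggered the flush. I'd add the user, e.g. `'consumer %(consumer_id)s belonging to user %(user_id)s has been deleted. '` with `{'consumer_id': access_token['consumer_id'], 'user_id': user_id}`, and deliberately leave `access_token_id` out of the text since it is a credential identifier and should not be written into free-form messages. The wording is otherwise near-identical to the `delete_consumer` and federation reasons, so a shared formatter in notifications.py would keep the three messages from drifting.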