Refresh Tokens

Question

Refresh Tokens

pedrogcsb opened this issue 4 years ago · comments

Hey!

Any idea how can we remove / delete refresh token from DB if expired?

Aman Garg · Answer 1 · Tue Oct 20 2020 22:07:25 GMT+0800 (China Standard Time)

Hi, this seems to be a task for a cleanup activity. Can be performed by any background asynchronous process. You can write a scheduled job or a cron that does it for you.

Abdur Rehman · Answer 2 · Wed Apr 14 2021 13:51:11 GMT+0800 (China Standard Time)

I would suggest to store Refresh Token in Cache with TTL(Time to live) same as refresh token expiry, token gets deleted automatically when expired also there are some advantages using cache instead of DB for refresh tokens

Aman Garg · Answer 3 · Wed Apr 14 2021 17:17:41 GMT+0800 (China Standard Time)

@abdurrehmansyeds Thanks. Although straightforward, purging refresh tokens is outside the scope of the initial project. A variant of this is already done here #13

Aman Garg · Answer 4 · Sun Oct 31 2021 06:19:54 GMT+0800 (China Standard Time)

With #56 we now mark all reset tokens as inactive once claimed. Whatever that logic of purging expired refresh tokens be, it now should include all inactive tokens as well.