Dec 7th, 2012, 02:30 PM
OAuth2.0 JDBC Token Store clean up
I am wondering how the tokens stored in the JDBC Token Store gets cleaned up? Do we need to create a separate process to clean the store? Or does it get removed if the token expires? I know that when we revoke a token explicitly, it gets removed.
Please let me know if there is any strategy that need to be followed. I also cannot query the database directly for the expired token since the expiry time is not stored as a column in the schema.
Dec 8th, 2012, 03:20 AM
A token will be removed if it is invalid, but with the current implementation only if the client asks for a new token (for the same user and scopes). That seems reasonable to me, since the token store cannot grow without limit - you might even want to have old tokens in there so you can get some information about client and user activity. But If you want to have an automated cleanup it's something that could be added - all contributions are welcome, even if it's just a few ideas in JIRA.