bshaffer / oauth2-server-php

A library for implementing an OAuth2 Server in php
http://bshaffer.github.io/oauth2-server-php-docs
MIT License

Do I need to keep expired tokens in the database? #980

Open ianmiddelkamp opened 4 years ago

ianmiddelkamp commented 4 years ago

Hello, I followed the cookbook at https://bshaffer.github.io/oauth2-server-php-docs/cookbook/. My oauth controller adds ClientCredentials GrantType and AuthorizationCode grant types.

Do I need to keep old expired tokens in the database or can the 'oauth_access_tokens' table be cleaned out?

bzp2010 commented 4 years ago

I think you can delete expired access_token. Of course, if it's not in a critical service, you can empty the data table. BTW, refresh_token should be cleared too.
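
A scheduled cleanup along the lines discussed in this thread, as an added example that is not part of the original comments or of the library's own code. It assumes `oauth_access_tokens` has an `expires` column holding `Y-m-d H:i:s` strings, as in the default schema from the project docs; the function name, grace window and demo rows are hypothetical.

```php
<?php
// Added example, not code from oauth2-server-php.
// Assumption: oauth_access_tokens.expires holds 'Y-m-d H:i:s' strings,
// as in the default schema from the project docs.

function purgeExpiredAccessTokens(PDO $pdo, int $graceSeconds = 3600): int
{
    // The cutoff must use the same format and timezone as the stored values.
    // The grace window keeps recently expired rows around for troubleshooting.
    $cutoff = date('Y-m-d H:i:s', time() - $graceSeconds);
    $stmt = $pdo->prepare('DELETE FROM oauth_access_tokens WHERE expires < :cutoff');
    $stmt->execute([':cutoff' => $cutoff]);
    return $stmt->rowCount(); // number of rows removed
}

// Demo on an in-memory SQLite database with constructed rows.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE oauth_access_tokens (
    access_token VARCHAR(40) NOT NULL PRIMARY KEY,
    client_id    VARCHAR(80) NOT NULL,
    user_id      VARCHAR(80),
    expires      TIMESTAMP NOT NULL,
    scope        VARCHAR(4000)
)');

$insert = $pdo->prepare(
    'INSERT INTO oauth_access_tokens (access_token, client_id, expires) VALUES (?, ?, ?)'
);
$now = time();
$rows = [
    ['constructed-token-old',    'demo-client', date('Y-m-d H:i:s', $now - 86400)], // expired a day ago
    ['constructed-token-recent', 'demo-client', date('Y-m-d H:i:s', $now - 60)],    // expired, inside grace window
    ['constructed-token-live',   'demo-client', date('Y-m-d H:i:s', $now + 3600)],  // still valid
];
foreach ($rows as $row) {
    $insert->execute($row);
}

$removed = purgeExpiredAccessTokens($pdo);
$left = $pdo->query('SELECT access_token FROM oauth_access_tokens ORDER BY access_token')
            ->fetchAll(PDO::FETCH_COLUMN);
printf("removed %d, remaining: %s\n", $removed, implode(', ', $left));
```

In production the same function would run from cron against the real database connection; check how your configuration stores expiry for refresh tokens before applying the same rule to them.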