Open david7joy opened 3 months ago
Under normal circumstances, rows in hydra_oauth2_access are not deleted within 5 minutes, as the default expiry for access tokens is at least an hour. Depending on the clean up strategy (e.g. using Ory Hydra Janitor), one can choose how much time should pass before these stale records are removed.
Cockroach TTL is in our view not the best solution here as our SQL migrations are immutable files. Operators however want to choose how long they want to keep these records on file as it is often used in forensic investigations around account takeover (Answering: "who issued which token at what time and used it for what?"). Since we don't know how long these records should be kept, we can't set a fixed time for TTL, which would be the case with row level TTL. I'm sure there is a way to engineer around this, but we believe that the Janitor is good enough even for larger-scale environments.
Preflight checklist
Ory Network Project
No response
Describe the bug
We are observing that a record is being attempted to be deleted which was created as recently as 5 mins ago. Hydra is pushing for a delete which may not be necessary or requested in CockroachDB.
Here is the delete query example:
Here is the timestamp we observed in CockroachDB:
Observation: The transaction was only created 5 mins ago, but Hydra is attempting a delete.
It may be a good idea to use CRDB Built-in Row Level TTL capability over adding delete in Hydra.
Reproducing the bug
Relevant log output
No response
Relevant configuration
No response
Version
v2.2.0 and v2.2.0-rc.2
On which operating system are you observing this issue?
Linux
In which environment are you deploying?
Kubernetes
Additional Context
@viragtripathi @nollenr